Home Security NVIDIA Patched Multiple GeForce And GPU Driver Vulnerabilities

NVIDIA Patched Multiple GeForce And GPU Driver Vulnerabilities

by ethhack

Recently, NVIDIA has fixed numerous security vulnerabilities in its GeForce Experience software and GPU Display Driver. Users should ensure updating their devices to the patched versions to stay protected.

NVIDIA GeForce Experience Vulnerabilities

As revealed in an advisory, there existed at least three different security flaws in NVIDIA GeForce Experience. NVIDIA came to know of these vulnerabilities through different security researchers from ACTIVELabs, Chengdu University of Technology, and SafeBreach Labs.

The first of these vulnerabilities, CVE‑2019‑5701, could let an attacker load Intel graphics driver DLLs without signature or path validation. Anyone with local access to the system with GameStream active could exploit the flaw. As a result, the attacker could trigger information disclosure, denial of service, or code execution to elevate privileges.

The second vulnerability CVE‑2019‑5689 existed in the Downloader component that allowed an attacker with local access to download and save malicious files. Whereas, the third vulnerability, CVE‑2019‑5695, affected the local service provider component, allowing an attacker to load Windows system DLLs without path or signature validation.

Both vulnerabilities also required an attacker to have local access to the system. Moreover, both flaws could lead to information disclosure, denial of service, or code execution.

These three vulnerabilities allegedly affected all previous versions of GeForce Experience. Following the reports, NVIDIA patched the flaws with the release of GeForce Experience version 3.20.1.

NVIDIA GPU Driver Vulnerabilities

In another advisory, NVIDIA also disclosed numerous vulnerabilities affecting the NVIDIA GPU driver and software.

Specifically, the vendors patched six different vulnerabilities in the NVIDIA Windows GPU Display Driver. Of these, two security flaws (CVE‑2019‑5690 and CVE‑2019‑5691) achieved a CVSS base score of 7.8. Upon exploit, the flaws could lead to privilege escalation or denial of service.

Moreover, NVIDIA also released fixes for three vulnerabilities CVE‑2019‑5696, CVE‑2019‑5697, and CVE‑2019‑5698 in NVIDIA vGPU Software

The vendors have acknowledged Peleg Hadar of SafeBreach Labs for discovering and reporting the bugs CVE-2019-5694 and CVE-2019-5695.

Let us know your thoughts in the comments.

The following two tabs change content below.
Avatar
Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Source link

Related Articles

Leave a Comment