Nvida GPU Display Drivers
Images: Shutterstock

Nvidia GPU display drivers could be on the radar of hackers. According to the latest news, Nvidia is prompting Geforce graphics card owners running Windows OS, to update their drivers.

The three severe flaws in Nvidia GPUs were discovered by Kushal Arvind Shah from Fortinet’s FortGuard Labs. The vulnerability could allow hackers to steal information, gain administrative access on users PC or worse, launch a DoS (Denial of Service) attack.

Nvidia GPU Display Drivers Need To Be Updated ASAP

If you’re running any latest Nvidia Geforce graphics card, be it on your desktop or laptop, then you need to upgrade it asap.

The Nvidia GPR Display driver has a vulnerability termed CVE-2019-5675 in its kernel mode (nvlddmkm.sys) for DxgkDdiEscape. This exploit does not synchronize data such as static variables across threads. It could lead to a DoS attack.

Another vulnerability is termed CVE-2019-5676, which could be used to launch a DLL attack. Nvidia GPU Display drivers load the Windows system DLL incorrectly without any sign validation. Hackers can run a custom DLL in Current Working Directory and trick the system into granting them access.

DLL Attacks
When an attacker gains control of one of the Current Working Directories or CWD, they can plant a custom DLL (Dynamic Link Library) into it. Using this technique the hacker can execute programs with user privilege.

Nvidia has informed its users via a security bulletin and is currently pushing the updates for a number of Geforce graphics cards.

The third vulnerability dubbed CVH-2019-5677 is the least severe of them all. However, it still contains a kernel mode layer vulnerability which can be exploited to cause a DoS attack.

The severity of all these exploits is as follows:

CVEBase Score (Depending on Severity)Vectors
CVE‑2019‑56757.7AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H
CVE‑2019‑56767.2AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
CVE‑2019‑56775.6AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Are All Nvidia GPUs Affected

A number of Nvidia GPUs have several vulnerabilities. Here is a list of all of them:

CVENvidia GPU Display DriversGPU Drivers AffectedUpdated Safe Versions
CVE‑2019‑5675
CVE‑2019‑5676
CVE‑2019‑5677
GeForceAll R430 versions prior to 430.64430.64
CVE‑2019‑5675
CVE‑2019‑5676
CVE‑2019‑5677
Quadro, NVS
All R430 versions prior to 430.64430.64
All R418 versions prior to 425.51425.51
All R400 versionsAvailable the week of May 13
CVE‑2019‑5666
CVE‑2019‑5675
CVE‑2019‑5677
Quadro, NVSAll R390 versionsAvailable the week of May 20
CVE‑2019‑5675
CVE‑2019‑5676
CVE‑2019‑5677
Tesla
All R418 versions prior to 425.25425.25
All R400 versionsAvailable the week of May 13

 

Nvidia’s risk assessment is based on CVSS v3 standards.

Laptop manufacturers like Lenovo have started rolling out updates for their Nvidia mobile GPUs. Users can expect an official update from their respective laptop manufacturers very soon.

Also Read: Nvidia GTX 1650 Vs 1660 Vs 1660 Ti GPU For Budget Gaming PC