Nvidia warns of GPU driver flaws

Walden Systems Geeks Corner Gaming news Nvidia warns of GPU driver flaws Rutherford NJ New Jersey NYC New York North Bergen County
Many mainstream cards are sufficient for gaming at 1080p resolutions and 30-60 fps, but you’ll need a powerful card to show its full potential. Make sure your case has enough room for the card you’re considering, and that your power supply has enough watts to spare.

Nvidia has issued three patches for high-severity vulnerabilities in its GPU display driver, which could lead to information disclosure, escalation of privileges and denial of service (DoS) in impacted Windows gaming devices. Nvidia's graphics driver for Windows is used in devices targeted to gamers. It's the software component that enables the device's operating system and programs to use its high level graphics hardware. The most severe flaw, CVE‑2019‑5675, could be exploited to launch DoS attacks that could cripple the system, as well as give hackers escalation of privileges and disclose system information.

The bug is in the kernel mode layer handler component of the driver. Kernel mode is generally reserved for the lowest level, most trusted functions of the operating system. In this case, the layer handler for the DxgkDdiEscape interface within the kernel mode does not properly synchronize shared data, which could lead to glitches in the behavior of the data. This can result in malicious attacks, according to Nvidia's security release, issued Thursday.


Another flaw is in the driver’s installer software and is also rated high-severity. The software incorrectly loads Windows system dynamic link libraries without validating their path or signature. This could enable a DLL preloading hacks, where a hacker gains control of a directory on the DLL search path, and places a malicious copy of the DLL in that directory which can lead to privilege escalation of through code execution.

The final vulnerability could lead to DoS. This flaw also exists in the driver's kernel mode layer, nvlddmkm.sys handler, for the DeviceIoControl interface. The software in this component reads from a buffer using buffer-access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service. Nvidia is recommending that users update its driver on various software products running on Windows. Patches are currently available for various versions of GeForce and Tesla.

Nvidia has patched several flaws so far in 2019. In April, Nvidia released fixes for eight high-severity vulnerabilities in its Linux for Tegra driver packages. The worst could allow information disclosure, denial of service and code execution on impacted systems. And in March, Nvidia patched a high-severity vulnerability in its GeForce Experience software, which could lead to code-execution or DoS of products if exploited.