Walden Systems Geeks Corner News Nvidia Fixes Two Flaws Rutherford NJ new Jersey NYC New York City North Bergen County

Nvidia Fixes Two Flaws

Many mainstream cards are sufficient for gaming at 1080p resolutions and 30-60 fps, but you�ll need a powerful card to show its full potential. Make sure your case has enough room for the card you�re considering, and that your power supply has enough watts to spare.

Nvidia issued fixes for high severity flaws in it's graphics driver and GeForce Experience. The flaws can be exploited to launch malicious attacks including denial-of-service and escalation of privileges. Most of the high-severity flaws are in Nvidia’s graphics driver used in devices targeted to enthusiast gamers. This is the software component that enables the device’s operating system and programs to use its high-level graphics hardware.

The driver has three high-severity flaws which all stem from the kernel mode layer handler component of the driver. Kernel mode is generally reserved for the lowest-level, most trusted functions of the operating system. In this case, the layer handler ( nvlddmkm.sys ) for the DxgkDdiEscape interface within the kernel mode has a number of glitches. These issues include the handler not validating the size of an input buffer, de-referencing a NULL pointer and using untrusted input when calculating an array index. All of these issues could enable escalation of privileges or DoS.

Another high severity vulnerability was in GeForce Experience, a supplemental application to the GeForce GTX graphics card. GeForce Experience keeps users' drivers up-to-date, automatically optimizes their game settings and more. GeForce Experience is installed by default on systems running NVIDIA GeForce products. The flaw exists because GeForce Experience contains a vulnerability when GameStream is enabled. GameStream is Nvidia's tool allowing users to stream PC games to Nvidia Shield TVs or Shield Tablets. A hacker with local system access can load Intel graphics driver dynamic link libraries ( DLLs ) to GeForce Experience without validating the path or signature. This attack is known as a binary planting or DLL preloading attack, when an application dynamically loads a DLL without specifying a fully qualified path, which can lead to DoS information disclosure or escalation of privileges through code execution.

Windows GeForce users should update to version 3.20.1. These flaws are similar to high-severity vulnerabilities reported by Nvidia in May 2019, which also existed in the DxgkDdiEscape interface within the kernel mode layer of the driver. Those flaws could have led to information disclosure, escalation of privileges and DoS in impacted Windows gaming devices. So keep the drivers and software up to date.