Serious Flaw in Nvidia's Graphics Driver
Nvidia issued patches for high-severity vulnerabilities in its graphics driver, which can be exploited by a local hacker to launch denial-of-service or code-execution attacks. The most severe flaw exists in the control panel component of the graphics driver, which is the utility program that helps users monitor and adjust the settings of their graphics adapter. According to Nvidia, a hacker with local system access can corrupt a system file in the control panel, which would lead to DoS or escalation of privileges.
Another vulnerability exists in the control panel of the graphics driver. A hacker with local system access could exploit this flaw by planting a malicious dynamic link library file in the control panel, which may lead to code execution, DoS or information disclosure.
Nvidia's graphics card display driver is used in gaming systems. It's the software that enables the operating system and programs to use its high-level graphics hardware. Specifically impacted are display drivers used in GeForce, Quadro and Tesla-branded GPUs for Windows.
Patches are now available, with the exception of a patch for vulnerable R440 versions of Tesla for Windows. Fixes for R440 will be available on the week of March 9. This is only the latest Nvidia security patch affecting gamers. Last year, Nvidia issued fixes for high-severity flaws in two popular gaming products, including its graphics driver for Windows and GeForce Experience. The flaws could be exploited to launch an array of malicious attacks, from DoS to escalation of privileges. Also in 2019, Nvidia patched another high-severity vulnerability in its GeForce Experience software, which could lead to code-execution or DoS of products.