Serious Bugs in Nvidia Graphics Drivers
Nvidia fixed two high-severity flaws in its graphics drivers. Hackers could exploit the vulnerabilities to view sensitive data, gain administrative privileges or launch denial-of-service (DoS) attacks from infected Windows gaming devices. Nvidia's graphics driver for Windows is used in devices targeted at gamers. It's the software that enables the device's operating system and programs to use its high-level graphics hardware.
One of the vulnerabilities, CVE-2020-5962, exists in the Nvidia Control Panel, which provides control of the graphics driver settings as well as other utilities installed on the system. The flaw could allow a hacker with local system access to corrupt system files, which could lead to DoS or escalation of privileges.
Another vulnerability, CVE-2020-5963, exists in the CUDA Driver, a computing platform and programming model. The issue stems from improper access control in the driver's Inter Process Communication APIs. It could lead to code execution, DoS or information leakage. The display driver also contains four medium-severity flaws in the service host component (CVE-2020-5964), the DirectX 11 user mode driver (CVE-2020-5965), the kernel mode layer (CVE-2020-5966) and the UVM driver (CVE-2020-5967).
Several Windows and Linux drivers are affected, including ones that use Nvidia's GeForce, Quadro and Tesla software. Nvidia also fixed four high-severity flaws in its Virtual GPU manager, a tool that enables multiple virtual machines to have simultaneous, direct access to a single physical GPU while also using Nvidia graphics drivers deployed on non-virtualized operating systems. Another flaw stems from the vGPU plugin validating shared resources before using them, creating a race condition that may lead to DoS. The last vGPU flaw comes from the software reading from a buffer using access mechanisms, such as indexes or pointers, that reference memory locations after the targeted buffer. This could lead to code execution, DoS or escalated privileges.