NVIDIA Patched Multiple GeForce And GPU Driver Vulnerabilities

in bug •  5 years ago 


Recently, NVIDIA has fixed numerous security vulnerabilities in its GeForce Experience software and GPU Display Driver. Users should ensure updating their devices to the patched versions to stay protected.

NVIDIA GeForce Experience Vulnerabilities


As revealed in an advisory, there existed at least three different security flaws in NVIDIA GeForce Experience. NVIDIA came to know of these vulnerabilities through different security researchers from ACTIVELabs, Chengdu University of Technology, and SafeBreach Labs.

The first of these vulnerabilities, CVE‑2019‑5701, could let an attacker load Intel graphics driver DLLs without signature or path validation. Anyone with local access to the system with GameStream active could exploit the flaw. As a result, the attacker could trigger information disclosure, denial of service, or code execution to elevate privileges.

The second vulnerability CVE‑2019‑5689 existed in the Downloader component that allowed an attacker with local access to download and save malicious files. Whereas, the third vulnerability, CVE‑2019‑5695, affected the local service provider component, allowing an attacker to load Windows system DLLs without path or signature validation.

Both vulnerabilities also required an attacker to have local access to the system. Moreover, both flaws could lead to information disclosure, denial of service, or code execution.

These three vulnerabilities allegedly affected all previous versions of GeForce Experience. Following the reports, NVIDIA patched the flaws with the release of GeForce Experience version 3.20.1.

NVIDIA GPU Driver Vulnerabilities


In another advisory, NVIDIA also disclosed numerous vulnerabilities affecting the NVIDIA GPU driver and software.

Specifically, the vendors patched six different vulnerabilities in the NVIDIA Windows GPU Display Driver. Of these, two security flaws (CVE‑2019‑5690 and CVE‑2019‑5691) achieved a CVSS base score of 7.8. Upon exploit, the flaws could lead to privilege escalation or denial of service.

Moreover, NVIDIA also released fixes for three vulnerabilities CVE‑2019‑5696, CVE‑2019‑5697, and CVE‑2019‑5698 in NVIDIA vGPU Software

The vendors have acknowledged Peleg Hadar of SafeBreach Labs for discovering and reporting the bugs CVE-2019-5694 and CVE-2019-5695.

Let us know your thoughts in the comments.


Posted from my blog with SteemPress : https://latesthackingnews.com/2019/11/11/nvidia-patched-multiple-geforce-and-gpu-driver-vulnerabilities/

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://latesthackingnews.com/2019/11/11/nvidia-patched-multiple-geforce-and-gpu-driver-vulnerabilities/

Congratulations @twr! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :

You published more than 1700 posts. Your next target is to reach 1800 posts.

You can view your badges on your Steem Board and compare to others on the Steem Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

Do not miss the last post from @steemitboard:

SteemFest Meet The Stemians Contest - The mysterious rule revealed
Vote for @Steemitboard as a witness to get one more award and increased upvotes!