NVIDIA Patches High Risk Vulnerabilities in GPU Display Drivers
NVIDIA has released a security update for the NVIDIA GPU display driver to address several High severity vulnerabilities impacting GeForce, Quadro, NVS, and Tesla products.
A total of 8 security vulnerabilities were addressed in this round of patches, five of which have a CVSS score of 8.8. Exploitation of these bugs could lead to code execution, denial of service or escalation of privileges on the affected systems, the GPU maker says.
Tracked as CVE‑2019‑5665, the first of the flaws was found in the 3D vision component of the GPU display driver. The bug affects the stereo service software, which does not check for hard links when opening a file.
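The missing check described above, sketched as an added example (not NVIDIA's code and not from the original article): a POSIX analogue in which a privileged service refuses any file that has more than one hard link. The helper name `open_no_hardlink` is hypothetical; on Windows the corresponding link count is the `nNumberOfLinks` field returned by `GetFileInformationByHandle`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open an existing file on behalf of a privileged
 * service, refusing symlinks, non-regular files and files that have
 * more than one hard link. Returns an open fd, or -1 with errno set. */
int open_no_hardlink(const char *path, int flags)
{
    struct stat st;
    int fd, saved;

    /* O_TRUNC or O_CREAT would modify the target before it is checked. */
    if (flags & (O_TRUNC | O_CREAT)) {
        errno = EINVAL;
        return -1;
    }

    fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* Inspect the opened object, not the path, so the result cannot
     * change between the check and the use of the descriptor. */
    if (fstat(fd, &st) != 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    if (st.st_nlink != 1) {      /* another name refers to this file */
        close(fd);
        errno = EMLINK;
        return -1;
    }
    return fd;
}
```

A caller that needs to overwrite the file should truncate it with `ftruncate` only after this function has returned a descriptor.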
The second issue, CVE‑2019‑5666, affects the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext. Incorrect validation of untrusted input or index fails to ensure the index references a valid position within the array.
CVE‑2019‑5667 is a bug in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable, while CVE‑2019‑5668 impacts the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual. In both cases, the application dereferences a pointer that, instead of being valid, is NULL.
The fifth High severity flaw is CVE‑2019‑5669, residing in the kernel mode layer handler for DxgkDdiEscape. When leveraging a sequential operation to read from or write to a buffer, the software uses an incorrect length value, thus accessing memory outside of the bounds of the buffer.
Another important vulnerability NVIDIA addressed in this round of patches is CVE‑2019‑5670, which also impacts the kernel mode layer handler for DxgkDdiEscape and causes the software to access memory outside of its buffer. This could lead to denial of service, escalation of privileges, code execution or information disclosure.
Another flaw is CVE‑2019‑5671, a denial of service flaw in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the software does not release a resource after its effective lifetime has ended.
The last bug is CVE‑2018‑6260, where application data processed on the GPU is accessible through a side channel exposed by the GPU performance counters. Exploitation of this vulnerability requires local user access, but the flaw also impacts Linux, FreeBSD, and Solaris.