Security Experts:

Connect with us

Hi, what are you looking for?



NVIDIA Patches Code Execution Flaws in GPU Drivers

NVIDIA this week released patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including multiple issues that could lead to code execution.

NVIDIA this week released patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including multiple issues that could lead to code execution.

The most severe of the bugs affecting the GPU drivers include CVE‑2020‑5962, which was found in the NVIDIA GPU display driver, and CVE‑2020‑5963, which resides in the CUDA driver. Both feature a CVSS score of 7.8.

Discovered in the Control Panel component of the GPU driver, the first of the issues could allow a local attacker to elevate privileges or cause a denial of service (DoS) condition. The second bug was found in the Inter Process Communication APIs and could lead to code execution, DoS, or information disclosure.

This week, the GPU maker addressed four other vulnerabilities in the GPU display driver, including one in the service host component (CVE‑2020‑5964), which could lead to code execution. The security flaw exists because the application resources integrity check may be missed.

The three remaining bugs, all with a CVSS score of 5.5, could lead to denial of service: CVE‑2020‑5965 resides in the DirectX 11 user mode driver, CVE‑2020‑5966 affects the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, while CVE‑2020‑5967 was found in the UVM driver.

CVE‑2020‑5965, Talos’ security researchers explain, can be triggered by a pixel shader crafted to cause an out-of-bounds access. The researchers say that this flaw is more serious than NVIDIA claims, and that it has a CVSS score of 8.5.

“This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). Such an attack can be triggered from VMware guest usermode to cause denial of service attack due to null pointer dereference on vmware-vmx.exe process on host, or theoretically through WEBGL (remote website),” Talos says.

Four other vulnerabilities featuring a CVSS score of 7.8 were identified in the vGPU plugin of the NVIDIA Virtual GPU Manager and are caused by incorrect restriction of operations within the boundaries of a resource (CVE‑2020‑5968), a race condition (CVE‑2020‑5969), lack of validation of input data size (CVE‑2020‑5970), or the reference of memory locations after the targeted buffer (CVE‑2020‑5971).

Successful exploitation of these vulnerabilities could allow attackers to execute code, cause a DoS condition, escalate privileges, or leak data, NVIDIA explains in an advisory.

A fifth vulnerability addressed in the vGPU plugin (CVE‑2020‑5972) this week exists because local pointer variables are not initialized and may be freed later. A sixth such issue (CVE‑2020‑5973) is due to the potential to execute privileged operations. Both issues could lead to DoS conditions.

The addressed flaws affect multiple versions of the GeForce, Quadro, NVS, and Tesla drivers for Windows and Linux, as well as various iterations of vGPU software for Windows, Linux, Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux with KVM, and Nutanix AHV.

Related: NVIDIA Patches DoS Flaws in GPU Driver and vGPU Software

Related: NVIDIA Patches Flaws in GPU Display Driver, GeForce Experience

Related: NVIDIA Patches Command Execution Vulnerability in GeForce Experience

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.