CONFERENCE Watch Now: Threat Detection & Incident Response (TDIR) Summit - Watch Event On-Demand
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

NVIDIA Patches Several Flaws in GPU Display Drivers

NVIDIA has started releasing patches for several denial-of-service (DoS) and privilege escalation vulnerabilities affecting its GeForce, NVS, Quadro and Tesla graphics card drivers.

NVIDIA has started releasing patches for several denial-of-service (DoS) and privilege escalation vulnerabilities affecting its GeForce, NVS, Quadro and Tesla graphics card drivers.

A security advisory published by the company on Thursday reveals the existence of four high severity flaws in the kernel mode layer handler (nvlddmkm.sys) for the DxgkDdiEscape function.

This interface was analyzed earlier this year by Google Project Zero researchers as part of their attempts to attack the NVIDIA kernel mode drivers on Windows. The experts, who found a total of 16 security holes, described DxgkDdiEscape as a “well known entry point for potential vulnerabilities.”NVIDIA patches vulnerabilities in GPU display drivers

The vulnerabilities disclosed on Thursday by NVIDIA exist because a value passed from a user to the driver is not validated properly. A local attacker can exploit this weakness to cause a DoS condition or to escalate privileges.

The other four flaws, classified as medium severity, are related to improper access controls, incorrect initialization of internal objects, and unvalidated user input. They can be exploited by a local attacker to cause a DoS condition.

All of the vulnerabilities affect the Windows drivers, but some also impact Linux, FreeBSD and Solaris. The flaws have been addressed in the Windows drivers for GeForce, NVS and Quadro with the release of version 385.69. An update for Tesla is expected to become available next week. For Linux, FreeBSD and Solaris, versions 384.90 and 375.88 patch the vulnerabilities.

Nine DoS and privilege escalation flaws were patched by NVIDIA in its GPU display drivers in late July. A majority of those security holes were classified as high severity.

Lenovo also published an advisory this week to alert its customers about the NVIDIA display driver vulnerabilities patched in July.

Related: Researcher Unwraps Dangerous NVIDIA Driver Exploit on Christmas Day

Advertisement. Scroll to continue reading.

Related: NVIDIA Releases Fix For Dangerous Display Driver Exploit

Related: Following Developer Site Hack, NVIDIA Shuts Down Online Store

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.