• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

Joined
Aug 20, 2007
Messages
21,400 (3.41/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Why does the majority of exploits always require local access?

Because most code doesn't feature a netstack.

Because the way they work requires direct access to the hardware. Remote attacks are either extremely difficult or impossible.

It's nothing to do with that, really. It's more that nvidia is not stupid and has not given their core driver network access.

Linus said "fuck 'em" and AMD didn't bother fixing "if someone can put shit onto your BIOS, it means someone can put shit on your computer", as terribly vulnerably vulnerable it is, I think.

It was a code signature verification exploit that actually did get patched in later AGESA.

The whole idea behind trusted execution is that someone CAN write to your bios and get nowhere, really. The sigcheck fails (or should).

Then they can use this exploit to execute code locally.

Without admin rights, they can get admin rights.

That's the concern here.
 
Joined
Aug 20, 2007
Messages
21,400 (3.41/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
That's not always needed.

You need to exploit something with a netstack to get a foothold to begin ANY code execution. No port? No exploit surface. So yeah, it is. If nothing is network aware good luck talking to a machine that is quite literally mute.

I would not be surprised if someday the nvidia telemetry components come back and bite them though... they most certainly talk to the net.
 
Joined
Nov 13, 2007
Messages
10,678 (1.72/day)
Location
Austin Texas
System Name Planet Espresso
Processor 13700KF @ 5.5GHZ 1.285v - 235W cap
Motherboard MSI 690-I PRO
Cooling Thermalright Phantom Spirit EVO
Memory 48 GB DDR5 7600 MHZ CL36
Video Card(s) RTX 4090 FE
Storage 2TB WD SN850, 4TB WD SN850X
Display(s) Alienware 32" 4k 240hz OLED
Case Jonsbo Z20
Audio Device(s) Yes
Power Supply Corsair SF750
Mouse Xlite V2
Keyboard 65% HE Keyboard
Software Windows 11
Benchmark Scores They're pretty good, nothing crazy.
You need to exploit something with a netstack to get a foothold to begin ANY code execution. No port? No exploit surface. So yeah, it is. If nothing is network aware good luck talking to a machine that is quite literally mute.

I would not be surprised if someday the nvidia telemetry components come back and bite them though... they most certainly talk to the net.

I kind of hope that they do. There really is no reason why I need my graphics card that i use to play stupid video-games sending back data to nvidia.
 
Joined
Mar 10, 2015
Messages
3,984 (1.13/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Why does the majority of exploits always require local access?

It doesn't really matter because many attacks are a chain of exploits anyway. It is almost never one and done.
 
Joined
Jul 5, 2013
Messages
27,347 (6.61/day)
You need to exploit something with a netstack to get a foothold to begin ANY code execution. No port? No exploit surface. So yeah, it is. If nothing is network aware good luck talking to a machine that is quite literally mute.
Code injections don't need such a vector of attack.
 
Joined
Aug 20, 2007
Messages
21,400 (3.41/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Code injections don't need such a vector of attack.

Ah. I suppose you mean like something executed via say a trojan horse on a usb stick that then opens more facilities to the attacker?

Touche. It's certainly doable for high value targets.
 
Joined
Jul 5, 2013
Messages
27,347 (6.61/day)
Ah. I suppose you mean like something executed via say a trojan horse on a usb stick that then opens more facilities to the attacker?

Touche. It's certainly doable for high value targets.
And a few others, yeah. The catch is, it has to be an admin account that runs any such injection.
 
Top