Monday, August 5th 2019

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

NVIDIA has found a total of five security vulnerabilities in its Windows drivers for the GeForce, Quadro and Tesla lineups of graphics cards. These new security risks are labeled as very dangerous and have the potential to cause local code execution, denial of service, or escalation of privileges unless the system is updated. Users are advised to update their Windows drivers as soon as possible in order to stay secure, so be sure to check that your drivers are at the latest version. The vulnerabilities are exploitable only on Windows-based OSes, from Windows 7 to Windows 10.

However, one reassuring fact is that in order to exploit a system, an attacker must have local access to the machine running the NVIDIA GPU; remote exploitation is not possible. Below are the tables provided by NVIDIA that show the type of exploit along with the rating it carries and which driver versions are affected. There are no mitigations for these vulnerabilities; a driver update is the only available way to secure the system.

The vulnerabilities are rated using the CVSS v3 base scoring system and are arranged as follows:
  • CVE-2019-5683 - The most dangerous of all the vulnerabilities. This exploit uses a weakness in the driver's trace logger to create hard links, which the software does not check. An attacker could create any link without being warned by the system and force local code execution, denial of service or escalation of privileges. It is rated with a score of 8.8.
  • CVE-2019-5684 - A vulnerability that uses carefully crafted shaders to cause out-of-bounds access to the input texture array, possibly leading to denial of service or code execution. It is rated with a score of 7.8.
  • CVE-2019-5685 - A vulnerability that also uses carefully crafted shaders, here to cause out-of-bounds access to the shader local temporary array, possibly leading to denial of service or code execution as well. It is rated with a score of 7.8.
  • CVE-2019-5686 - A vulnerability hidden in the kernel mode layer handler for DxgkDdiEscape, which uses different data structures and DirectX API functions that are not always valid, leading to denial of service if the API function or data structure is incorrect. It is rated with a score of 5.6.
  • CVE-2019-5687 - The least dangerous of all five. It is also a problem in the kernel mode layer handler for DxgkDdiEscape, which may put the system at risk if incorrect default permissions are used for an object. This can lead to information disclosure or denial of service. It is rated with a score of 5.2.
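
The kind of check that CVE-2019-5683 describes as missing can be illustrated generically. This is an added example, not NVIDIA's code and not part of the original article: a logger (hypothetical `open_log_checked`) that refuses to write when its log path turns out to be a second name for another file. All file names are constructed.

```python
import os
import stat
import tempfile


class UnsafeLogTarget(Exception):
    """The log path is not a plain file with exactly one name."""


def open_log_checked(path):
    """Open path for append; refuse non-regular files and extra hard links.

    The checks use fstat() on the open descriptor, so the object that was
    inspected is the object that gets written (no check-then-open race).
    """
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | getattr(os, "O_NOFOLLOW", 0))
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)
        raise UnsafeLogTarget(f"{path}: mode={st.st_mode:o} nlink={st.st_nlink}")
    return fd


def demo():
    """Constructed scenario: the log name is a second name for another file."""
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.cfg")  # file the logger must not touch
        with open(protected, "w") as f:
            f.write("original\n")
        planted = os.path.join(d, "trace.log")
        os.link(protected, planted)                   # hard link: same file, new name
        clean = os.path.join(d, "clean.log")
        open(clean, "w").close()

        results = {}
        for name, path in (("planted", planted), ("clean", clean)):
            try:
                fd = open_log_checked(path)
                os.write(fd, b"trace entry\n")
                os.close(fd)
                results[name] = "written"
            except UnsafeLogTarget:
                results[name] = "refused"
        with open(protected) as f:
            results["protected_content"] = f.read()
        return results


if __name__ == "__main__":
    print(demo())
```

In native Windows code the same link count is available as `nNumberOfLinks` from `GetFileInformationByHandle`.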

32 Comments on NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

#1
gmn 17
All the single players
#2
Lionheart
Soon will have Norton Security being bundled with our CPU & GPU purchases... :wtf:
#4
biffzinker
AleksandarK, post: 4092160, member: 187454"
However, one fact that is easing this situation is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen.
Why does the majority of exploits always require local access?
#5
lynx29
Would be interested to see a few game benchmarks before and after next driver release (when they inevitably do more security fixes behind the scenes). RTX 2070 Super vs 5700 XT with high fan curve on 5700 XT - both at stock speeds though - maybe we will have another Intel scenario here and Nvidia gets hurt a tiny few fps making the cards more even.

So basically the story will be if you want security roll AMD in full. Though I suspect they have issues just not found yet lol
#6
medi01
AleksandarK, post: 4092160, member: 187454"
However, one fact that is easing this situation is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen
#7
Vayra86
@W1zzard any chance you are going to dive into this further?
#8
ZoneDymo
man, don't let "Turmania" and some others see this, they lost their minds over a fan spinning a bit faster through a driver update.
This will straight up make them suicidal I reckon.
#9
IceShroom
Security holes in Nvidia card!!! Only low quality AMD has security holes. :rolleyes:

Vayra86, post: 4092472, member: 152404"
@W1zzard any chance you are going to dive into this further?
Probably not. If W1zzard does, TechpowerUp will not receive any Nvidia GPU from both Nvidia and its GPP Partners.
#10
ExV6k
Upgrade to what version goddamnit?
#12
Recus
medi01, post: 4092471, member: 158537"

Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?
#13
Bwaze
Didn't AMD Epyc flaws also require Administrator privileges, in which case you're already screwed?
#14
rtwjunkie
PC Gaming Enthusiast
gmn 17, post: 4092460, member: 100603"
All the single players
This incomplete sentence has me scratching my head the last couple of minutes. Could you be more clear, please, in what you are saying?
#15
medi01
Recus, post: 4092517, member: 96809"
Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?
Linus said "fuck 'em" and AMD didn't bother fixing "if someone can put shit onto your BIOS, it means someone can put shit on your computer", as terribly vulnerably vulnerable it is, I think.

https://www.zdnet.com/article/linus-torvalds-slams-cts-labs-over-amd-vulnerability-report/


Does it help NV?
#16
Fluffmeister
Already running 431.60, credit to them for finding and addressing these issues though.
#17
cucker tarlson
if this has already become an nvidia-amd-intel (????????) discussion, does anyone really think that amd's driver team can find and address security flaws? even if they did find them they wouldn't bother spending time and money fixing it. they can't deal with a fan speed on rx5700xt and it's been a month already.
#18
medi01
cucker tarlson, post: 4092553, member: 173472"
...does anyone really think that amd's driver team can find and address security flaws ?
Or CPU team, for that matter?
Just think about it:
Intel: 100k employees
NVidia: 13k employees
AMD: 10k employees

We don't know about AMDs Spectre, Meltdown, Zombielend, BlueBazinga as well as, on GPU side of things, CVE-2019-1337, CVE-2019-1337-2, CVE-2019-1337-911 only because they simply lack the manpower to discover all that crap.

It is really unfair, when I think about it, one company simply doesn't give a flying Huang about discovering security issue and simply pretends to be secure, while others that do are deep in shit.

Very Bad! (c) Trump

#19
phanbuey
Recus, post: 4092517, member: 96809"
Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?
Look man, if an attacker has local admin access to your machine, has disabled windows virtualization security, and can execute any code they want locally.

Then they can use this exploit to execute code locally.

It's really terrifying stuff.
#20
Axaion
While they're at it, they can work on that DPC latency, would be nice.
#21
SIGSEGV
Recus, post: 4092517, member: 96809"
Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?
lol. epic failed. :nutkick:

it's been a long time avoiding driver update, finally, I have to update the driver.
#22
dorsetknob
"YOUR RMA REQUEST IS CON-REFUSED"
ExV6k, post: 4092499, member: 168246"
Upgrade to what version goddamnit?
You upgrade to a 2080ti-super of Course :)
#23
Icy1007
Meh, doesn't appear to be very significant.
#24
lexluthermiester
biffzinker, post: 4092464, member: 163731"
Why does the majority of exploits always require local access?
Because the way they work requires direct access to the hardware. Remote attacks are either extremely difficult or impossible.
#25
R-T-B
biffzinker, post: 4092464, member: 163731"
Why does the majority of exploits always require local access?
Because most code doesn't feature a netstack.

lexluthermiester, post: 4092769, member: 134537"
Because the way they work requires direct access to the hardware. Remote attacks are either extremely difficult or impossible.
It's nothing to do with that, really. It's more that nvidia is not stupid and has not given their core driver network access.

medi01, post: 4092526, member: 158537"
Linus said "fuck 'em" and AMD didn't bother fixing "if someone can put shit onto your BIOS, it means someone can put shit on your computer", as terribly vulnerably vulnerable it is, I think.
It was a code signature verification exploit that actually did get patched in later AGESA.

The whole idea behind trusted execution is that someone CAN write to your bios and get nowhere, really. The sigcheck fails (or should).

phanbuey, post: 4092627, member: 45008"
Then they can use this exploit to execute code locally.
Without admin rights, they can get admin rights.

That's the concern here.