NVIDIA's GeForce 376.33 WHQL Drivers Fix Multiple Kernel Faults; Update ASAP

[Raevenlord]

If you're one of those people who doesn't regularly update their graphics card drivers, and you're rocking an NVIDIA graphics card, you really should update your drivers to the latest WHQL version, 376.33. The release notes and a security bulletin issued by the company point towards the fixing of multiple detected kernel layer (nvlddmkm.sys) vulnerabilities in NVIDIA's previous driver releases, which could "Lead to a Denial of Service, Escalation of Privileges, or Both".

In total, there are seven reported vulnerabilities as having been fixed, with NVIDIA acknowledging contributions in the issues' detection from engineers with Google Project Zero and Cisco Talos.



View at TechPowerUp Main Site

 

[qubit]

Great, now we have security headaches to add to stability issues.

 

[robert3892]

This new driver however doesn't fix the folding @ home problems yet.

 

[birdie]

None of these vulnerabilities is remotely exploitable so there's no need to cry foul.

And 99% of home users are administrators so there are even fewer reasons to worry. Worry about having your system up to date (specially your web browser, Adobe Flash and JavaSE) and running an effective AV program (MS Security Essentials is not one of them) - my favorites are Kaspersky, F-Secure and BitDefender.

And if you're really paranoid/obsessed with security you should not be running Windows (specially 10) in the first place. Run Linux or better yet FreeBSD - almost zero hackers target it.

 

[W1zzard]

None of these vulnerabilities is remotely exploitable so there's no need to cry foul.

Why not? Sending extescapes is easy, GPU-Z does it all the time. Crashing the system is easy. Crafting the right payload for privilege escalation isn't trivial but I see no obstacles

Edit: I misread "remotely" as "low chance" and not as "over the internet". My bad, sorry.

 

[Solidstate89]

Great, now we have security headaches to add to stability issues.

GPU drivers run in Ring 0 alongside the kernel. Security issues were always part and parcel with them. Whether you choose to acknowledge or ignore it is up to you, but nothing has changed over the last decade.

WDDM (especially WDDM 2.0) has done a good job of hardening GPU drivers against attack, but if it runs on your computer, it can be used as an attack surface. This is especially true for anything that runs at the kernel level.

 

[bug]

Great, now we have security headaches to add to stability issues.

Now? We've had these headaches since the drivers ran at kernel level.

 

[qubit]

Now? We've had these headaches since the drivers ran at kernel level.

I don't remember seeing advisories for this before.

 

[bug]

I don't remember seeing advisories for this before.

So what, you worry about a problem only when you hear about it? If it's in the kernel, it's an attack vector.

 

[qubit]

So what, you worry about a problem only when you hear about it? If it's in the kernel, it's an attack vector.

What the hell is your problem?

 

[pat-roner]

Better update to this, so that I can update to the hotfix next week and have that break my card. Damn I hate nvidia drivers....

 

[bug]

What the hell is your problem?

You said

Great, now we have security headaches to add to stability issues.

I'm saying any driver is a security headache. That's part of the reason Microsoft came up with WHQL.
This is not a new problem by any account.

So my question is: did you only start to worry about driver security now that you've read about this instance?

 

[PinkMachine]

This is the kind of update I am willing to download without any whining. There's no fiddling with security fellas.

On the other hand I do not give a darn about 450MB update, released once a week, which removes SLI possbility in Titanfall 2 due to some stability issues that do not affect me by any means and never will.

#NeverEndingStory.

 

[Deleted member 50521]

nvidia driver seems to be nothing but headache these days.

 

[the54thvoid]

nvidia driver seems to be nothing but headache these days.

Both teams. How many Crimson hot fixes in past 6 months? The good thing is - Nvidia have acted upon it and released info on it. Just as AMD release the hotfixes (as do NV). If you want bad reaction - look at how Apple doesn't tend to openly acknowledge any issue, just pretends it wasn't there in the first place and quietly fixes it. It's ALL about perceptions of software stability. In reality - they're all hackable.

 

[bug]

nvidia driver seems to be nothing but headache these days.

Don't worry about it, a similar update is likely incoming from AMD. The guys who find these don't disclose vulnerabilities for 90 days, since they're 0-days.
Just be happy someone has our back and reports these

 

[RejZoR]

Well, when you move from just displaying fancy graphics to general purpose computing, things like this are to be expected...

 

[birdie]

nvidia driver seems to be nothing but headache these days.

On my Windows 7 I've had exactly zero problems with NVIDIA drivers over the past six to seven years.

Of course, if you OC like crazy, run all sorts of shady applications, believe that SLI is a relatively cheap solution for increasing your games' performance, or use alpha quality OS'es like Windows 10 then you must suffer and it's not NVIDIA's fault.

Well, when you move from just displaying fancy graphics to general purpose computing, things like this are to be expected...

If games had been "general purpose computing" then your post would have made sense. Alas, games are nothing like that. NVIDIA/AMD/Intel drivers have hugely complex compilers/optimizers to run game code - there's nothing like that for the general x86-64 architecture. In fact you run your OS without any CPU driver at all - almost all the optimizations are inside the CPU.

Vulkan and D3D12 were created to make GPUs truly computational devices but it seems like there's still an abstraction layer to run and render your game in your OS and this layer is not exactly foolproof.

 

[BiggieShady]

NVIDIA/AMD/Intel drivers have hugely complex compilers/optimizers to run game code - there's nothing like that for the general x86-64 architecture.

Nope, both drivers and your general purpose apps are built using same hugely complex compilers and same optimizations

In fact you run your OS without any CPU driver at all - almost all the optimizations are inside the CPU.

You have to see your motherboard with its chipset as your platform and it does have chipset drivers including a cpu driver, you see, because driver is such an encompassing word for a piece of software even if we'd say "conventional driver" it still means nothing. Bunch of drivers for known hardware are bundled with OS and active without you actually installing them.
The point is, since 6 years ago, half of the chipset is integrated into a CPU and cpu driver is a thing - it is intelppm.sys and it's bundled with chipset drivers and does very little thanks to bios flashing and microcode updates. It's being executed on a cpu core though as also is a gfx driver. Gfx driver additionally includes the code being executed on the gpu (if you use shaders from the nv control panel like fxaa and hbao)

Vulkan and D3D12 were created to make GPUs truly computational devices

Nope, been truly computational since nvidia's G80 architecture in 2006

seems like there's still an abstraction layer to run and render your game in your OS and this layer is not exactly foolproof.

Thin API doesn't mean it removes API layer completely, just makes it thinner and the whole thing becomes less foolproof. DX12 does have managed mode where you work similarly as with DX11.

 

[dorsetknob]

So what, you worry about a problem only when you hear about it? If it's in the kernel, it's an attack vector.

UNTIL YOU HEAR ABOUT IT ITS NOT A PROBLEM but when you do hear about it Then its a problem ( and you can then Righteously Worry)

I'm saying any driver is a security headache. That's part of the reason Microsoft came up with WHQL.

vulnerabilities in NVIDIA's previous driver releases, which could "Lead to a Denial of Service

And these were WHOL Certified. Fat Good it seems they were then.

 

[LightningJR]

specially

specially

*especially, fyi

im not usually the spelling police but it bothered me since you were flawless otherwise, even on your latest post.


sorry, please continue the proper discussion.

 

[BiggieShady]

*especially, fyi

It can mean the same or not depending on the context
Specially means "particularly, in a distinguishing manner, or for a particular purpose."
Especially means "exceptionally, in a noteworthy manner, or particularly."
So if it's "for a particular purpose" then it can be only specially, otherwise it can be both.
Especially is more commonly used though.

 

[LightningJR]

It can mean the same or not depending on the context
Specially means "particularly, in a distinguishing manner, or for a particular purpose."
Especially means "exceptionally, in a noteworthy manner, or particularly."
So if it's "for a particular purpose" then it can be only specially, otherwise it can be both.
Especially is more commonly used though.

hmm well maybe I am incorrect and his grammar is superior.

 

[Fluffmeister]

Vulnerabilities highlighted, fixes issued.

Drama ensues.

 

[bug]

And these were WHOL Certified. Fat Good it seems they were then.

The goes like this: Windows got a telemetry system and that told Microsoft most of the BSOD were cause by poor drivers. Thus WHQL was born. It wasn't meant to make drivers uncrackable, but to ensure drivers don't do outright stupid things. Judging by the number of BSODs I've seen in the past years WHQL did its job rather well.
And to reiterate my point, kernel drivers could always mess up a system and were always a vector of attack. Seeing someone reporting a vulnerability is nothing out of the ordinary. Unless the driver starts competing with Flash, that is