NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

AleksandarK · Aug 5, 2019

NVIDIA has found a total of five security vulnerabilities with its Windows drivers for GeForce, Quadro and Tesla lineup of graphics cards. These new security risks are labeled as very dangerous and have the potential to cause local code execution, denial of service, or escalation of privileges, unless the system is updated. Users are advised to update their Windows drivers as soon as possible in order to stay secure and avoid all of these vulnerabilities, so be sure to check your drivers for latest version. Exploits are only accessible on Windows based OSes, starting from Windows 7 to Windows 10.

However, one fact that's reassuring is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen. Bellow are the tables provided by NVIDIA that show type of exploit along with rating it carries and which driver versions are affected. There are no mitigations for this exploit, as driver update is the only available solution to secure the system.

The vulnerabilities are rated using CVSS V3 base scoring system and they are arranged as following:

CVE-2019-5683 - Most dangerous of all the vulnerabilities. This exploits uses driver's trace logger weakness to create hard links, that software does not check. Attacker could create any link without getting warned by the system and force local code execution, denial of service or escalation of privileges. It is rated with a score of 8.8.
CVE-2019-5684 - Vulnerability which uses carefully crafted shaders in order to cause out of bounds access to input texture array, possibly leading to denial of service or code execution. It is rated with a score of 7.8
CVE-2019-5685 - Vulnerability which also uses carefully crafted shaders in order to cause out of bounds access to shader local temporary array, possibly leading to denial of service or code execution as well. It is rated with a score of 7.8
CVE-2019-5686 - Vulnerability hidden in kernel mode layer handler for DxgkDdiEscape, which uses different data structures and DirectX API functions that are not always valid, leading to denial of service if the API function or data structure is incorrect. It is rated with a score of 5.6.
CVE-2019-5687 - Least dangerous exploit of all five. It is also a problem in kernel model layer handler for DxgkDdiEscape, which may put system at risk if incorrect default permissions are used for an object. This can lead to information disclosure or denial of service. It is rated with a score of 5.2.

View at TechPowerUp Main Site

gmn 17 · Aug 5, 2019

All the single players

Lionheart · Aug 5, 2019

Soon will have Norton Security being bundled with our CPU & GPU purchases... :wtf:

Divide Overflow · Aug 5, 2019

The way you were meant to be played.

biffzinker · Aug 5, 2019

AleksandarK said:
However, one fact that is easing this situation is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen.

Why does the majority of exploits always require local access?

Space Lynx · Aug 5, 2019

Would be interested to see a few game benchmarks before and after next driver release (when they inevitably do more security fixes behind the scenes). RTX 2070 Super vs 5700 XT with high fan curve on 5700 XT - both at stock speeds though - maybe we will have another Intel scenario here and Nvidia gets hurt a tiny few fps making the cards more even.

So basically the story will be if you want security roll AMD in full. Though I suspect they have issues just not found yet lol

medi01 · Aug 5, 2019

AleksandarK said:
However, one fact that is easing this situation is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen

Vayra86 · Aug 5, 2019

@W1zzard any chance you are going to dive into this further?

ZoneDymo · Aug 5, 2019

man, dont let "Turmania" and some others see this, they lost their minds over a fan spinning a bit faster through a driver update.
This will straight up make them suicidal I recon.

IceShroom · Aug 5, 2019

Security holes in Nvidia card!!! Only low quality AMD has security holes. :rolleyes:

Vayra86 said:
@W1zzard any chance you are going to dive into this further?

Probably not. If W1zzard do TechpowerUp will not recieve any Nvidia GPU from both Nvidia and its GPP Partners.

ExV6k · Aug 5, 2019

Upgrade to what version goddamnit?

AleksandarK · Aug 5, 2019

ExV6k said:
Upgrade to what version goddamnit?

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

NVIDIA has found a total of five security vulnerabilities with its Windows drivers for GeForce, Quadro and Tesla lineup of graphics cards. These new security risks are labeled as very dangerous and have the potential to cause local code execution, denial of service, or escalation of privileges...

www.techpowerup.com

Recus · Aug 5, 2019

medi01 said:

Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?

Bwaze · Aug 5, 2019

Didn't AMD Epyc flaws also require Administrator privileges, in which case you're already screwed?

rtwjunkie · Aug 5, 2019

gmn 17 said:
All the single players

This incomplete sentance has me scratching my head the last couple of minutes. Could you be more clear, please, in what you are saying?

medi01 · Aug 5, 2019

Recus said:
Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?

Linus said "fuck 'em" and AMD didn't bother fixing "if someone can put shit onto your BIOS, it means someone can put shit on your computer", as terribly vulnerably vulnerable it is, I think.

Linus Torvalds slams CTS Labs over AMD vulnerability report

Linux's creator said he thinks CTS Labs' AMD chip security report "looks more like stock manipulation than a security advisory" and questions an industry.

www.zdnet.com

Does it help NV?

Fluffmeister · Aug 5, 2019

Already running 431.60, credit to them for finding and addressing these issues though.

cucker tarlson · Aug 5, 2019

if this is already became an nvidia-amd-intel (????????) discussion,does anyone really think that amd's driver team can find and address security flaws ? even if they did find them they wouldn't bother spending time and money fixing it.they can't deal with a fan speed on rx5700xt and it's been a month already.

medi01 · Aug 5, 2019

cucker tarlson said:
...does anyone really think that amd's driver team can find and address security flaws ?

Or CPU team, for that matter?
Just think about it:
Intel: 100k employees
NVidia: 13k employees
AMD: 10k employees

We don't know about AMDs Spectre, Meltdown, Zombielend, BlueBazinga as well as, on GPU side of things, CVE-2019-1337, CVE-2019-1337-2, CVE-2019-1337-911 only because they simply lack the manpower to discover all that crap.

It is really unfair, when I think about it, one company simply doesn't give a flying Huang about discovering security issue and simply pretends to be secure, while others that do are deep in shit.

Very Bad! (c) Trump

phanbuey · Aug 5, 2019

Recus said:
Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?

Look man, if an attacker has local admin access to your machine, has disabled windows virtualization security, and can execute any code they want locally.

Then they can use this exploit to execute code locally.

It's really terrifying stuff.

Axaion · Aug 5, 2019

While theyre at it, they can work on that DPC latency, would be nice.

SIGSEGV · Aug 5, 2019

Recus said:
Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?

lol. epic failed. :nutkick:

it's been a long time avoiding driver update, finally, I have to update the driver.

dorsetknob · Aug 5, 2019

ExV6k said:
Upgrade to what version goddamnit?

You upgrade to a 2080ti-super of Course

Icy1007 · Aug 5, 2019

Meh, doesn't appear to be very significant.

lexluthermiester · Aug 5, 2019

biffzinker said:
Why does the majority of exploits always require local access?

Because the way they work requires direct access to the hardware. Remote attacks are either extremely difficult or impossible.

System Name	Boomer Master Race
Processor	AMD Ryzen 7 7735HS APU
Motherboard	BareBones Mini PC MB
Cooling	Mini PC Cooling
Memory	Crucial 32GB 4800MHz
Video Card(s)	AMD Radeon 680M 8GB IGPU
Storage	Crucial 500GB M.2 SSD + 2TB Ext HDD
Display(s)	Sony 4K Bravia X85J 43Inch TV 120Hz
Case	Beelink Mini PC Chassis
Audio Device(s)	Built In Realtek Digital Audio HD
Power Supply	120w Power Brick
Mouse	Logitech G203 Lightsync
Keyboard	Atrix RGB Slim Keyboard
VR HMD	( ◔ ʖ̯ ◔ )
Software	Windows 10 Home 64bit
Benchmark Scores	Don't do them anymore.

Processor	Ryzen 9 5900X
Motherboard	Gigabyte X570 Aorus Master
Cooling	ARCTIC Liquid Freezer II 360 A-RGB
Memory	32 GB Ballistix Elite DDR4-3600 CL16
Video Card(s)	XFX 6800 XT Speedster Merc 319 Black
Storage	Sabrent Rocket NVMe 4.0 1TB
Display(s)	LG 27GL850B x 2 / ASUS MG278Q
Case	be quiet! Silent Base 802
Audio Device(s)	Sound Blaster AE-7 / Sennheiser HD 660S
Power Supply	Seasonic Prime 750W Titanium
Software	Windows 11 Pro 64

Processor	Ryzen 9 5900X
Motherboard	MSI B450 Tomahawk ATX
Cooling	Cooler Master Hyper 212 Black Edition
Memory	VENGEANCE LPX 2 x 16GB DDR4-3600 C18 OCed 3800
Video Card(s)	XFX Speedster SWFT309 AMD Radeon RX 6700 XT CORE Gaming
Storage	970 EVO NVMe M.2 500 GB, 870 QVO 1 TB
Display(s)	Samsung 28” 4K monitor
Case	Phantek Eclipse P400S (PH-EC416PS)
Audio Device(s)	EVGA NU Audio
Power Supply	EVGA 850 BQ
Mouse	SteelSeries Rival 310
Keyboard	Logitech G G413 Silver
Software	Windows 10 Professional 64-bit v22H2

System Name	M3401 notebook
Processor	5600H
Motherboard	NA
Memory	16GB
Video Card(s)	3050
Storage	500GB SSD
Display(s)	14" OLED screen of the laptop
Software	Windows 10
Benchmark Scores	3050 scores good 15-20% lower than average, despite ASUS's claims that it has uber cooling.

Processor	i7 8700k 4.6Ghz @ 1.24V
Motherboard	AsRock Fatal1ty K6 Z370
Cooling	beQuiet! Dark Rock Pro 3
Memory	16GB Corsair Vengeance LPX 3200/C16
Video Card(s)	ASRock RX7900XT Phantom Gaming
Storage	Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s)	Gigabyte G34QWC (3440x1440)
Case	Fractal Design Define R5
Audio Device(s)	Harman Kardon AVR137 + 2.1
Power Supply	EVGA Supernova G2 750W
Mouse	XTRFY M42
Keyboard	Lenovo Thinkpad Trackpoint II
Software	W10 x64

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

AleksandarK

News Editor

gmn 17

Lionheart

Divide Overflow

biffzinker

Space Lynx

Astronaut

medi01

Vayra86

ZoneDymo

IceShroom

ExV6k

AleksandarK

News Editor

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

Recus

Bwaze

rtwjunkie

PC Gaming Enthusiast

medi01

Linus Torvalds slams CTS Labs over AMD vulnerability report

Fluffmeister

cucker tarlson

medi01

phanbuey

Axaion

SIGSEGV

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"

Icy1007

lexluthermiester

System Name	Cyberline
Processor	Intel Core i7 2600k -> 12600k
Motherboard	Asus P8P67 LE Rev 3.0 -> Gigabyte Z690 Auros Elite DDR4
Cooling	Tuniq Tower 120 -> Custom Watercoolingloop
Memory	Corsair (4x2) 8gb 1600mhz -> Crucial (8x2) 16gb 3600mhz
Video Card(s)	AMD RX480 -> ... nope still the same :'(
Storage	Samsung 750 Evo 250gb SSD + WD 1tb x 2 + WD 2tb -> 2tb MVMe SSD
Display(s)	Philips 32inch LPF5605H (television) -> Dell S3220DGF
Case	antec 600 -> Thermaltake Tenor HTCP case
Audio Device(s)	Focusrite 2i4 (USB)
Power Supply	Seasonic 620watt 80+ Platinum
Mouse	Elecom EX-G
Keyboard	Rapoo V700
Software	Windows 10 Pro 64bit

Processor	Intel Core i5 4590
Motherboard	Gigabyte Z97x Gaming 3
Cooling	Intel Stock Cooler
Memory	8GiB(2x4GiB) DDR3-1600 [800MHz]
Video Card(s)	XFX RX 560D 4GiB
Storage	Transcend SSD370S 128GB; Toshiba DT01ACA100 1TB HDD
Display(s)	Samsung S20D300 20" 768p TN
Case	Cooler Master MasterBox E501L
Audio Device(s)	Realtek ALC1150
Power Supply	Corsair VS450
Mouse	A4Tech N-70FX
Software	Windows 10 Pro
Benchmark Scores	BaseMark GPU : 250 Point in HD 4600

System Name	RED
Processor	Intel Core i5 2500
Motherboard	Gigabyte GA-B75M-HD3
Cooling	Cooler Master Hyper 212 Evo
Memory	2x8GB 1600MHz DDR3 @1333 [Avexir]
Video Card(s)	Gigabyte GeForce GTX 1060 3GB Windforce 2X OC
Storage	1Samsung 840 Series SSD 250GB, 2Seagate Barracuda 1TB HDDs
Display(s)	LG W1934S
Case	Aerocool X-Warrior Red Devil Edition
Audio Device(s)	Realtek ALC887
Power Supply	Seasonic M12II Evo 520W (80+ Bronze)
Mouse	Cooler Master Devastator II Mouse
Keyboard	Cooler Master Devastator II Keyboard

Processor	Intel
Motherboard	MSI
Cooling	Cooler Master
Memory	Corsair
Video Card(s)	Nvidia
Storage	Samsung/Western Digital/ADATA
Display(s)	Samsung
Case	Thermaltake
Audio Device(s)	On Board
Power Supply	Seasonic
Mouse	A4TECH
Keyboard	UniKey
Software	Windows 10 x64

System Name	Bayou Phantom
Processor	Core i7-8700k 4.4Ghz @ 1.18v
Motherboard	ASRock Z390 Phantom Gaming 6
Cooling	All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax T40F Black CPU cooler
Memory	2x 16GB Mushkin Redline DDR-4 3200
Video Card(s)	EVGA RTX 2080 Ti Xc
Storage	1x 500 MX500 SSD; 2x 6TB WD Black; 1x 4TB WD Black; 1x400GB VelRptr; 1x 4TB WD Blue storage (eSATA)
Display(s)	HP 27q 27" IPS @ 2560 x 1440
Case	Fractal Design Define R4 Black w/Titanium front -windowed
Audio Device(s)	Soundblaster Z
Power Supply	Seasonic X-850
Mouse	Coolermaster Sentinel III (large palm grip!)
Keyboard	Logitech G610 Orion mechanical (Cherry Brown switches)
Software	Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)

Processor	AMD Ryzen 7 3700X
Motherboard	MSI MAG B550 TOMAHAWK
Cooling	AMD Wraith Prism
Memory	Team Group Dark Pro 8Pack Edition 3600Mhz CL16
Video Card(s)	NVIDIA GeForce RTX 3080 FE
Storage	Kingston A2000 1TB + Seagate HDD workhorse
Display(s)	Samsung 50" QN94A Neo QLED
Case	Antec 1200
Power Supply	Seasonic Focus GX-850
Mouse	Razer Deathadder Chroma
Keyboard	Logitech UltraX
Software	Windows 11

System Name	Purple rain
Processor	10.5 thousand 4.2G 1.1v
Motherboard	Zee 490 Aorus Elite
Cooling	Noctua D15S
Memory	16GB 4133 CL16-16-16-31 Viper Steel
Video Card(s)	RTX 2070 Super Gaming X Trio
Storage	SU900 128,8200Pro 1TB,850 Pro 512+256+256,860 Evo 500,XPG950 480, Skyhawk 2TB
Display(s)	Acer XB241YU+Dell S2716DG
Case	P600S Silent w. Alpenfohn wing boost 3 ARGBT+ fans
Audio Device(s)	K612 Pro w. FiiO E10k DAC,W830BT wireless
Power Supply	Superflower Leadex Gold 850W
Mouse	G903 lightspeed+powerplay,G403 wireless + Steelseries DeX + Roccat rest
Keyboard	HyperX Alloy SilverSpeed (w.HyperX wrist rest),Razer Deathstalker
Software	Windows 10
Benchmark Scores	A LOT

Processor	13700KF Undervolted @ 5.6/ 5.5, 4.8Ghz Ring 200W PL1
Motherboard	MSI 690-I PRO
Cooling	Thermalright Peerless Assassin 120 w/ Arctic P12 Fans
Memory	48 GB DDR5 7600 MHZ CL36
Video Card(s)	RTX 4090 FE
Storage	2x 2TB WDC SN850, 1TB Samsung 960 prr
Display(s)	Alienware 32" 4k 240hz OLED
Case	SLIGER S620
Audio Device(s)	Yes
Power Supply	Corsair SF750
Mouse	Xlite V2
Keyboard	RoyalAxe
Software	Windows 11
Benchmark Scores	They're pretty good, nothing crazy.

System Name	Bongfjaes
Processor	AMD 3700x
Motherboard	Assus Crosshair VII Hero
Cooling	Dark Rock Pro 4
Memory	2x8GB G.Skill FlareX 3200MT/s CL14
Video Card(s)	GTX 970
Storage	Adata SX8200 Pro 1TB + Lots of spinning rust
Display(s)	Viewsonic VX2268wm
Case	Fractal Design R6
Audio Device(s)	Creative SoundBlaster AE-5
Power Supply	Seasonic TTR-1000
Mouse	Pro Intellimouse
Keyboard	SteelKeys 6G