NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

AleksandarK · Aug 5, 2019

NVIDIA has found a total of five security vulnerabilities with its Windows drivers for GeForce, Quadro and Tesla lineup of graphics cards. These new security risks are labeled as very dangerous and have the potential to cause local code execution, denial of service, or escalation of privileges, unless the system is updated. Users are advised to update their Windows drivers as soon as possible in order to stay secure and avoid all of these vulnerabilities, so be sure to check your drivers for latest version. Exploits are only accessible on Windows based OSes, starting from Windows 7 to Windows 10.

However, one fact that's reassuring is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen. Bellow are the tables provided by NVIDIA that show type of exploit along with rating it carries and which driver versions are affected. There are no mitigations for this exploit, as driver update is the only available solution to secure the system.

The vulnerabilities are rated using CVSS V3 base scoring system and they are arranged as following:

CVE-2019-5683 - Most dangerous of all the vulnerabilities. This exploits uses driver's trace logger weakness to create hard links, that software does not check. Attacker could create any link without getting warned by the system and force local code execution, denial of service or escalation of privileges. It is rated with a score of 8.8.
CVE-2019-5684 - Vulnerability which uses carefully crafted shaders in order to cause out of bounds access to input texture array, possibly leading to denial of service or code execution. It is rated with a score of 7.8
CVE-2019-5685 - Vulnerability which also uses carefully crafted shaders in order to cause out of bounds access to shader local temporary array, possibly leading to denial of service or code execution as well. It is rated with a score of 7.8
CVE-2019-5686 - Vulnerability hidden in kernel mode layer handler for DxgkDdiEscape, which uses different data structures and DirectX API functions that are not always valid, leading to denial of service if the API function or data structure is incorrect. It is rated with a score of 5.6.
CVE-2019-5687 - Least dangerous exploit of all five. It is also a problem in kernel model layer handler for DxgkDdiEscape, which may put system at risk if incorrect default permissions are used for an object. This can lead to information disclosure or denial of service. It is rated with a score of 5.2.

View at TechPowerUp Main Site

gmn17 · Aug 5, 2019

All the single players

Lionheart · Aug 5, 2019

Soon will have Norton Security being bundled with our CPU & GPU purchases... :wtf:

Divide Overflow · Aug 5, 2019

The way you were meant to be played.

biffzinker · Aug 5, 2019

AleksandarK said:
However, one fact that is easing this situation is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen.

Why does the majority of exploits always require local access?

Space Lynx · Aug 5, 2019

Would be interested to see a few game benchmarks before and after next driver release (when they inevitably do more security fixes behind the scenes). RTX 2070 Super vs 5700 XT with high fan curve on 5700 XT - both at stock speeds though - maybe we will have another Intel scenario here and Nvidia gets hurt a tiny few fps making the cards more even.

So basically the story will be if you want security roll AMD in full. Though I suspect they have issues just not found yet lol

medi01 · Aug 5, 2019

AleksandarK said:
However, one fact that is easing this situation is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen

Vayra86 · Aug 5, 2019

@W1zzard any chance you are going to dive into this further?

ZoneDymo · Aug 5, 2019

man, dont let "Turmania" and some others see this, they lost their minds over a fan spinning a bit faster through a driver update.
This will straight up make them suicidal I recon.

IceShroom · Aug 5, 2019

Security holes in Nvidia card!!! Only low quality AMD has security holes. :rolleyes:

Vayra86 said:
@W1zzard any chance you are going to dive into this further?

Probably not. If W1zzard do TechpowerUp will not recieve any Nvidia GPU from both Nvidia and its GPP Partners.

ExV6k · Aug 5, 2019

Upgrade to what version goddamnit?

AleksandarK · Aug 5, 2019

ExV6k said:
Upgrade to what version goddamnit?

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

NVIDIA has found a total of five security vulnerabilities with its Windows drivers for GeForce, Quadro and Tesla lineup of graphics cards. These new security risks are labeled as very dangerous and have the potential to cause local code execution, denial of service, or escalation of privileges...

www.techpowerup.com

Recus · Aug 5, 2019

medi01 said:

Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?

Bwaze · Aug 5, 2019

Didn't AMD Epyc flaws also require Administrator privileges, in which case you're already screwed?

rtwjunkie · Aug 5, 2019

gmn 17 said:
All the single players

This incomplete sentance has me scratching my head the last couple of minutes. Could you be more clear, please, in what you are saying?

medi01 · Aug 5, 2019

Recus said:
Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?

Linus said "fuck 'em" and AMD didn't bother fixing "if someone can put shit onto your BIOS, it means someone can put shit on your computer", as terribly vulnerably vulnerable it is, I think.

Linus Torvalds slams CTS Labs over AMD vulnerability report

Linux's creator said he thinks CTS Labs' AMD chip security report "looks more like stock manipulation than a security advisory" and questions an industry.

www.zdnet.com

Does it help NV?

Fluffmeister · Aug 5, 2019

Already running 431.60, credit to them for finding and addressing these issues though.

cucker tarlson · Aug 5, 2019

if this is already became an nvidia-amd-intel (????????) discussion,does anyone really think that amd's driver team can find and address security flaws ? even if they did find them they wouldn't bother spending time and money fixing it.they can't deal with a fan speed on rx5700xt and it's been a month already.

medi01 · Aug 5, 2019

cucker tarlson said:
...does anyone really think that amd's driver team can find and address security flaws ?

Or CPU team, for that matter?
Just think about it:
Intel: 100k employees
NVidia: 13k employees
AMD: 10k employees

We don't know about AMDs Spectre, Meltdown, Zombielend, BlueBazinga as well as, on GPU side of things, CVE-2019-1337, CVE-2019-1337-2, CVE-2019-1337-911 only because they simply lack the manpower to discover all that crap.

It is really unfair, when I think about it, one company simply doesn't give a flying Huang about discovering security issue and simply pretends to be secure, while others that do are deep in shit.

Very Bad! (c) Trump

phanbuey · Aug 5, 2019

Recus said:
Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?

Look man, if an attacker has local admin access to your machine, has disabled windows virtualization security, and can execute any code they want locally.

Then they can use this exploit to execute code locally.

It's really terrifying stuff.

Axaion · Aug 5, 2019

While theyre at it, they can work on that DPC latency, would be nice.

SIGSEGV · Aug 5, 2019

Recus said:
Has AMD fixed Epyc flaws found by CTS-Labs? Every shill said "attacker must have local access to the machine that is running Epyc CPU, as remote exploit can not happen" ?

lol. epic failed. :nutkick:

it's been a long time avoiding driver update, finally, I have to update the driver.

dorsetknob · Aug 5, 2019

ExV6k said:
Upgrade to what version goddamnit?

You upgrade to a 2080ti-super of Course

Icy1007 · Aug 5, 2019

Meh, doesn't appear to be very significant.

lexluthermiester · Aug 5, 2019

biffzinker said:
Why does the majority of exploits always require local access?

Because the way they work requires direct access to the hardware. Remote attacks are either extremely difficult or impossible.

System Name	Intel NUC 12 Extreme
Processor	Intel Core i7 12700 (E Cores Disabled)
Motherboard	Intel NUC Module Motherboard
Cooling	NUC Blower Cooler + 3 x 92mm Fans
Memory	64GB Corsair 3200Mhz CL22
Video Card(s)	PowerColor RX 9070 16GB Reaper
Storage	Silicon 512GB Gen4 SSD + 256GB SD Card
Display(s)	Sony 4K Bravia X85J 43Inch TV 120Hz
Case	Intel NUC 12 Extreme Mini ITX Case
Audio Device(s)	Realtek Audio + Dolby Atmos
Power Supply	SFX FSP 650 Gold Rated PSU
Mouse	Logitech G203 Lightsync Mouse
Keyboard	Red Dragon K552W RGB White KB.
VR HMD	( ◔ ʖ̯ ◔ )
Software	Windows 10 Home 64bit
Benchmark Scores	None. I also own a Apple Macbook Air M2

Processor	Ryzen 9 5900X
Motherboard	Gigabyte X570 Aorus Master
Cooling	ARCTIC Liquid Freezer III 360 A-RGB
Memory	32 GB Ballistix Elite DDR4-3600 CL16
Video Card(s)	XFX 6800 XT Speedster Merc 319 Black
Storage	Sabrent Rocket NVMe 4.0 1TB
Display(s)	LG 27GL850B x 2 / ASUS MG278Q
Case	be quiet! Silent Base 802
Audio Device(s)	Sound Blaster AE-7 / Sennheiser HD 660S
Power Supply	Seasonic Vertex PX-1200
Software	Windows 11 Pro 64

Processor	Intel Core i7-13700 PL2 150W
Motherboard	MSI Z790 Gaming Plus WiFi
Cooling	Cooler Master RGB Tower cooler
Memory	Crucial Pro DDR5-5600 32GB Kit OC 6600
Video Card(s)	Gigabyte Radeon RX 9070 GAMING OC 16G
Storage	970 EVO NVMe 500GB, WD850N 2TB
Display(s)	Samsung 28” 4K monitor
Case	Corsair iCUE 4000D RGB AIRFLOW
Audio Device(s)	EVGA NU Audio, Edifier Bookshelf Speakers R1280
Power Supply	TT TOUGHPOWER GF A3 Gold 1050W
Mouse	Logitech G502 Hero
Keyboard	Logitech G G413 Silver
Software	Windows 11 Professional v24H2

Processor	7800X3D -25 all core
Motherboard	B650 Steel Legend
Cooling	Frost Commander 140
Memory	32gb ddr5 (2x16) cl 30 6000
Video Card(s)	Merc 310 7900 XT @3100 core -.75v
Display(s)	Agon 27" QD-OLED Glossy 240hz 1440p
Case	NZXT H710
Power Supply	Corsair RM850x

System Name	M3401 notebook
Processor	5600H
Motherboard	NA
Memory	16GB
Video Card(s)	3050
Storage	500GB SSD
Display(s)	14" OLED screen of the laptop
Software	Windows 10
Benchmark Scores	3050 scores good 15-20% lower than average, despite ASUS's claims that it has uber cooling.

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

AleksandarK

News Editor

gmn17

Lionheart

Divide Overflow

biffzinker

Space Lynx

Astronaut

medi01

Vayra86

ZoneDymo

IceShroom

ExV6k

AleksandarK

News Editor

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

Recus

Bwaze

rtwjunkie

PC Gaming Enthusiast

medi01

Linus Torvalds slams CTS Labs over AMD vulnerability report

Fluffmeister

cucker tarlson

medi01

phanbuey

Axaion

SIGSEGV

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"

Icy1007

lexluthermiester

System Name	Tiny the White Yeti
Processor	7800X3D
Motherboard	MSI MAG Mortar b650m wifi
Cooling	CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory	32GB Corsair Vengeance 30CL6000
Video Card(s)	ASRock RX7900XT Phantom Gaming
Storage	Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s)	Gigabyte G34QWC (3440x1440)
Case	Lian Li A3 mATX White
Audio Device(s)	Harman Kardon AVR137 + 2.1
Power Supply	EVGA Supernova G2 750W
Mouse	Steelseries Aerox 5
Keyboard	Lenovo Thinkpad Trackpoint II
VR HMD	HD 420 - Green Edition ;)
Software	W11 IoT Enterprise LTSC
Benchmark Scores	Over 9000

System Name	Cyberline
Processor	Intel Core i7 2600k -> 12600k
Motherboard	Asus P8P67 LE Rev 3.0 -> Gigabyte Z690 Auros Elite DDR4
Cooling	Tuniq Tower 120 -> Custom Watercoolingloop
Memory	Corsair (4x2) 8gb 1600mhz -> Crucial (8x2) 16gb 3600mhz
Video Card(s)	AMD RX480 -> RX7800XT
Storage	Samsung 750 Evo 250gb SSD + WD 1tb x 2 + WD 2tb -> 2tb MVMe SSD
Display(s)	Philips 32inch LPF5605H (television) -> Dell S3220DGF
Case	antec 600 -> Thermaltake Tenor HTCP case
Audio Device(s)	Focusrite 2i4 (USB)
Power Supply	Seasonic 620watt 80+ Platinum
Mouse	Elecom EX-G
Keyboard	Rapoo V700
Software	Windows 10 Pro 64bit

Processor	Intel Core i5 4590
Motherboard	Gigabyte Z97x Gaming 3
Cooling	Intel Stock Cooler
Memory	8GiB(2x4GiB) DDR3-1600 [800MHz]
Video Card(s)	XFX RX 560D 4GiB
Storage	Transcend SSD370S 128GB; Toshiba DT01ACA100 1TB HDD
Display(s)	Samsung S20D300 20" 768p TN
Case	Cooler Master MasterBox E501L
Audio Device(s)	Realtek ALC1150
Power Supply	Corsair VS450
Mouse	A4Tech N-70FX
Software	Windows 10 Pro
Benchmark Scores	BaseMark GPU : 250 Point in HD 4600

System Name	RED
Processor	Intel Core i5 2500
Motherboard	Gigabyte GA-B75M-HD3
Cooling	Cooler Master Hyper 212 Evo
Memory	2x8GB 1600MHz DDR3 @1333 [Avexir]
Video Card(s)	Gigabyte GeForce GTX 1060 3GB Windforce 2X OC
Storage	1Samsung 840 Series SSD 250GB, 2Seagate Barracuda 1TB HDDs
Display(s)	LG W1934S
Case	Aerocool X-Warrior Red Devil Edition
Audio Device(s)	Realtek ALC887
Power Supply	Seasonic M12II Evo 520W (80+ Bronze)
Mouse	Cooler Master Devastator II Mouse
Keyboard	Cooler Master Devastator II Keyboard

Processor	Intel
Motherboard	MSI
Cooling	Cooler Master
Memory	Corsair
Video Card(s)	Nvidia
Storage	Western Digital/Kingston
Display(s)	Samsung
Case	Thermaltake
Audio Device(s)	On Board
Power Supply	Seasonic
Mouse	Glorious
Keyboard	UniKey
Software	Windows 10 x64

Processor	Core i9-9900k
Motherboard	ASRock Z390 Phantom Gaming 6
Cooling	All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax ETS-T50 Black CPU cooler
Memory	32GB (2x16) Mushkin Redline DDR-4 3200
Video Card(s)	ASUS RTX 4070 Ti Super OC 16GB
Storage	1x 1TB MX500 (OS); 2x 6TB WD Black; 1x 2TB MX500; 1x 1TB BX500 SSD; 1x 6TB WD Blue storage (eSATA)
Display(s)	Infievo 27" 165Hz @ 2560 x 1440
Case	Fractal Design Define R4 Black -windowed
Audio Device(s)	Soundblaster Z
Power Supply	Seasonic Focus GX-1000 Gold
Mouse	Coolermaster Sentinel III (large palm grip!)
Keyboard	Logitech G610 Orion mechanical (Cherry Brown switches)
Software	Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)

Processor	AMD Ryzen 7 5700X3D
Motherboard	MSI MAG B550 TOMAHAWK
Cooling	Thermalright Peerless Assassin 120 SE
Memory	Team Group Dark Pro 8Pack Edition 3600Mhz CL16
Video Card(s)	Sapphire AMD Radeon RX 9070 XT NITRO+
Storage	Kingston A2000 1TB + Seagate HDD workhorse
Display(s)	Hisense 55" U7K 4K@144Hz
Case	Thermaltake Ceres 500 TG ARGB
Power Supply	Seasonic Focus GX-850
Mouse	Razer Deathadder Chroma
Keyboard	Logitech UltraX
Software	Windows 11

System Name	Purple rain
Processor	10.5 thousand 4.2G 1.1v
Motherboard	Zee 490 Aorus Elite
Cooling	Noctua D15S
Memory	16GB 4133 CL16-16-16-31 Viper Steel
Video Card(s)	RTX 2070 Super Gaming X Trio
Storage	SU900 128,8200Pro 1TB,850 Pro 512+256+256,860 Evo 500,XPG950 480, Skyhawk 2TB
Display(s)	Acer XB241YU+Dell S2716DG
Case	P600S Silent w. Alpenfohn wing boost 3 ARGBT+ fans
Audio Device(s)	K612 Pro w. FiiO E10k DAC,W830BT wireless
Power Supply	Superflower Leadex Gold 850W
Mouse	G903 lightspeed+powerplay,G403 wireless + Steelseries DeX + Roccat rest
Keyboard	HyperX Alloy SilverSpeed (w.HyperX wrist rest),Razer Deathstalker
Software	Windows 10
Benchmark Scores	A LOT

System Name	stress-less
Processor	9800X3D @ 5.42GHZ
Motherboard	MSI PRO B650M-A Wifi
Cooling	Thermalright Phantom Spirit EVO
Memory	64GB DDR5 6600 1:2 CL36, FCLK 2200
Video Card(s)	RTX 4090 FE
Storage	2TB WD SN850, 4TB WD SN850X
Display(s)	Alienware 32" 4k 240hz OLED
Case	Jonsbo Z20
Audio Device(s)	Yes
Power Supply	Corsair SF750
Mouse	DeathadderV2 X Hyperspeed
Keyboard	65% HE Keyboard
Software	Windows 11
Benchmark Scores	They're pretty good, nothing crazy.

System Name	Bongfjaes
Processor	AMD 3700x
Motherboard	Assus Crosshair VII Hero
Cooling	Dark Rock Pro 4
Memory	2x8GB G.Skill FlareX 3200MT/s CL14
Video Card(s)	GTX 970
Storage	Adata SX8200 Pro 1TB + Lots of spinning rust
Display(s)	Viewsonic VX2268wm
Case	Fractal Design R6
Audio Device(s)	Creative SoundBlaster AE-5
Power Supply	Seasonic TTR-1000
Mouse	Pro Intellimouse
Keyboard	SteelKeys 6G