Nvidia GPU display drivers could be on the radar of hackers. According to the latest news, Nvidia is prompting Geforce graphics card owners running Windows OS, to update their drivers.
The three severe flaws in Nvidia GPUs were discovered by Kushal Arvind Shah from Fortinet’s FortGuard Labs. The vulnerability could allow hackers to steal information, gain administrative access on users PC or worse, launch a DoS (Denial of Service) attack.
Nvidia GPU Display Drivers Need To Be Updated ASAP
If you’re running any latest Nvidia Geforce graphics card, be it on your desktop or laptop, then you need to upgrade it asap.
The Nvidia GPR Display driver has a vulnerability termed CVE-2019-5675 in its kernel mode (nvlddmkm.sys) for DxgkDdiEscape. This exploit does not synchronize data such as static variables across threads. It could lead to a DoS attack.
Another vulnerability is termed CVE-2019-5676, which could be used to launch a DLL attack. Nvidia GPU Display drivers load the Windows system DLL incorrectly without any sign validation. Hackers can run a custom DLL in Current Working Directory and trick the system into granting them access.
Nvidia has informed its users via a security bulletin and is currently pushing the updates for a number of Geforce graphics cards.
The third vulnerability dubbed CVH-2019-5677 is the least severe of them all. However, it still contains a kernel mode layer vulnerability which can be exploited to cause a DoS attack.
The severity of all these exploits is as follows:
| CVE | Base Score (Depending on Severity) | Vectors |
| CVE‑2019‑5675 | 7.7 | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H |
| CVE‑2019‑5676 | 7.2 | AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
| CVE‑2019‑5677 | 5.6 | AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H |
Are All Nvidia GPUs Affected
A number of Nvidia GPUs have several vulnerabilities. Here is a list of all of them:
| CVE | Nvidia GPU Display Drivers | GPU Drivers Affected | Updated Safe Versions |
| CVE‑2019‑5675 CVE‑2019‑5676 CVE‑2019‑5677 |
GeForce | All R430 versions prior to 430.64 | 430.64 |
|
CVE‑2019‑5675
CVE‑2019‑5676 CVE‑2019‑5677 |
Quadro, NVS
|
All R430 versions prior to 430.64 | 430.64 |
| All R418 versions prior to 425.51 | 425.51 | ||
| All R400 versions | Available the week of May 13 | ||
| CVE‑2019‑5666 CVE‑2019‑5675 CVE‑2019‑5677 |
Quadro, NVS | All R390 versions | Available the week of May 20 |
|
CVE‑2019‑5675
CVE‑2019‑5676 CVE‑2019‑5677 |
Tesla
|
All R418 versions prior to 425.25 | 425.25 |
| All R400 versions | Available the week of May 13 |
Nvidia’s risk assessment is based on CVSS v3 standards.
Laptop manufacturers like Lenovo have started rolling out updates for their Nvidia mobile GPUs. Users can expect an official update from their respective laptop manufacturers very soon.
