Graphics chip manufacturer NVIDIA last week released a security software update for its GPU Display Driver, fixing three vulnerabilities that, if left untreated, could result in denial of service, escalation of privileges, code execution or information disclosure.
The most serious of the three bugs is CVE-2019-5675, a high-severity flaw in the kernel mode layer handler for the "DxgkDdiEscape" function. According to a May 9 NVIDIA security bulletin, "The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure."
A second bug, CVE-2019-5676, exposes NVIDIA software products to potential DLL preloading attacks due to a lack of path or signature validation when loading Windows system DLLs. Such an attack can result in an escalation of privileges through code execution. The flaw was reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs, Łukasz 'zaeek', Yasin Soliman, Marius Mihai and Stefan Kanthak.
NVIDIA also patched a medium-level vulnerability in the kernel mode layer handler for DeviceIoControl, "where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service," the security bulletin states.
Windows-based products affected by one or more of these vulnerabilities include the following:
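A defender can audit for the condition this bug class depends on, a system DLL name resolving somewhere other than the Windows system directories, by inspecting the modules a running process has loaded. The PowerShell below is an added example, not code from NVIDIA or the bulletin; the function name `Get-SuspectSystemDllLoad` is hypothetical and the process name in the sample call is a placeholder chosen by the operator.

```powershell
# Added example: flag loaded DLLs whose file name matches a DLL in System32
# but whose image was loaded from a different directory, and report the
# Authenticode status of the file that was actually loaded.
function Get-SuspectSystemDllLoad {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$ProcessName)

    $sys32   = Join-Path $env:windir 'System32'
    $trusted = @($sys32,
                 (Join-Path $env:windir 'SysWOW64'),
                 (Join-Path $env:windir 'WinSxS'))

    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        # Enumerating modules of protected processes can fail; skip those.
        try { $modules = @($proc.Modules) }
        catch { Write-Warning "PID $($proc.Id): $($_.Exception.Message)"; continue }

        foreach ($m in $modules) {
            if (-not $m.FileName -or $m.FileName -notlike '*.dll') { continue }
            $dir  = Split-Path -Path $m.FileName -Parent
            $leaf = Split-Path -Path $m.FileName -Leaf

            # Loaded from a Windows system directory: expected, not reported.
            $inTrusted = $false
            foreach ($t in $trusted) {
                if ($dir -eq $t -or
                    $dir.StartsWith("$t\", [StringComparison]::OrdinalIgnoreCase)) {
                    $inTrusted = $true
                }
            }
            if ($inTrusted) { continue }

            # Only report names that collide with a real System32 DLL.
            if (-not (Test-Path -LiteralPath (Join-Path $sys32 $leaf))) { continue }

            $sig = Get-AuthenticodeSignature -LiteralPath $m.FileName
            [pscustomobject]@{
                ProcessId  = $proc.Id
                Module     = $leaf
                LoadedFrom = $m.FileName
                SigStatus  = $sig.Status
                Signer     = $sig.SignerCertificate.Subject
            }
        }
    }
}

# Sample call; 'explorer' is a placeholder process name.
Get-SuspectSystemDllLoad -ProcessName 'explorer' | Format-Table -AutoSize
```

A hit is a lead for review rather than proof of compromise, since some applications legitimately ship their own copies of redistributable DLLs; an unsigned or invalidly signed module in a user-writable directory deserves the closest look.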
- GeForce... all R430 versions prior to 430.64 (patch currently available)
- Quadro, NVS... all R430 versions prior to 430.64, all R418 versions prior to 425.51 (patches currently available), all R400 versions (patch available starting this week) and all R390 versions (patch available the week of May 20).
- Tesla... all R418 versions prior to 425.25 (patch currently available) and all R400 versions (patch available starting this week)
In addition to NVIDIA's newly updated software versions, Windows driver versions 430.23, 425.25 and 422.02 provided by computer hardware vendors also include the security update, the company notes in its bulletin.