Many significant-severity flaws in Nvidia’s GPU display screen motorists for Windows consumers could direct to code-execution, DoS and more.
Graphics chipmaker Nvidia has fastened two superior-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view delicate knowledge, achieve escalated privileges or launch denial-of-service (DoS) assaults in impacted Home windows gaming devices.
Nvidia’s graphics driver (also identified as the GPU Screen Driver) for Home windows is utilised in units targeted to fanatic players it’s the computer software part that enables the device’s functioning process and programs to use its high-stage, gaming-optimized graphics components.
One particular of the vulnerabilities, CVE-2020-5962, exists in the Nvidia Command Panel part, which supplies management of the graphics driver options as perfectly as other utilities mounted on the process. The flaw could permit an attacker with local system entry to corrupt a method file, which might lead to DoS or escalation of privileges, in accordance to Nvidia’s Wednesday stability advisory.
A further vulnerability (CVE‑2020‑5963) exists in the CUDA Driver, a computing platform and programming model invented by Nvidia. The difficulty stems from incorrect obtain manage in the driver’s Inter Course of action Interaction APIs. It could lead to direct to code execution, DoS or details disclosure.
The display screen driver also is made up of 4 medium-severity flaws, current in the assistance host component (CVE‑2020‑5964), the DirectX 11 user manner driver (CVE‑2020‑5965), the the kernel method layer (CVE‑2020‑5966) and the UVM driver (CVE‑2020‑5967).
Many drivers are influenced for Home windows and Linux customers, such as ones that use Nvidia’s GeForce, Quadro and Tesla software. A full checklist of affected – and up to date – variations are down below.
Nvidia also stomped out 4 significant-severity flaws in its Digital GPU (vGPU) supervisor, its software that allows many digital devices to have simultaneous, immediate access to a solitary bodily GPU, while also utilizing Nvidia graphics motorists deployed on non-virtualized functioning devices.
In this case, the software package does not prohibit (or improperly restricts) operations within the boundaries of a useful resource that could be accessed by using an index or pointer, this sort of as memory or documents. That may perhaps lead to code execution, DoS, escalation of privileges or details disclosure (CVE‑2020‑5968), warned Nvidia.
An additional flaw stems from the vGPU plugin validating shared methods ahead of using them, creating a race problem which may well direct to DoS or data disclosure (CVE‑2020‑5969). And in an additional glitch, input info dimension is not validated in the vGPU plugin, which may possibly lead to tampering or denial of service (CVE‑2020‑5970).
The remaining vGPU flaw (CVE‑2020‑5971) stems from the software reading from a buffer by applying buffer entry mechanisms (this kind of as indexes or tips) that reference memory destinations following the specific buffer. This could guide to code execution, DoS, escalated privileges, or data disclosure.
It is only the most up-to-date slew of patches that Nvidia has issued. Earlier in March, the business fixed numerous large-severity vulnerabilities in its graphics driver, which can be exploited by a area attacker to launch DoS or code-execution assaults. Last year, Nvidia issued fixes for superior-severity flaws in two popular gaming goods, which includes its graphics driver for Home windows and GeForce Encounter. The flaws could be exploited to launch an array of destructive attacks – from DoS to escalation of privileges. Also in 2019, Nvidia patched another higher-severity vulnerability in its GeForce Knowledge software program, which could guide to code-execution or DoS of goods, if exploited.
BEC and company e mail fraud is surging, but DMARC can support – if it’s done correct. On July 15 at 2 p.m. ET, join Valimail Global Technical Director Steve Whittle and Threatpost for a FREE webinar, “DMARC: 7 Frequent Organization E-mail Issues.” This technological “best practices” session will protect constructing, configuring, and handling e mail authentication protocols to ensure your business is protected. Click here to register for this Threatpost webinar, sponsored by Valimail.