Updated:02:45 PM EDT Aug 08


this is ggmania.com subsite NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches - TechAmok

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches - [briefly]
05:35 AM EDT - Aug,05 2019 - (1 comments)

NVIDIA has found a total of five security vulnerabilities with its Windows drivers for GeForce, Quadro and Tesla lineup of graphics cards. These new security risks are labeled as very dangerous and have the potential to cause local code execution, denial of service, or escalation of privileges, unless the system is updated. Users are advised to update their Windows drivers as soon as possible in order to stay secure and avoid all of these vulnerabilities, so be sure to check your drivers for latest version. Exploits are only accessible on Windows based OSes, starting from Windows 7 to Windows 10.

However, one fact that is easing this situation is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen. Bellow are the tables provided by NVIDIA that show type of exploit along with rating it carries and which driver versions are affected. There are no mitigations for this exploit, as driver update is the only available solution to secure the system.

he vulnerabilities are rated using CVSS V3 base scoring system and they are arranged as following:
  • CVE-2019-5683 - Most dangerous of all the vulnerabilities. This exploits uses driver's trace logger weakness to create hard links, that software does not check. Attacker could create any link without getting warned by the system and force local code execution, denial of service or escalation of privileges. Rated with a score of 8.8.
  • CVE-2019-5684 - Vulnerability which uses carefully crafted shaders in order to cause out of bounds access to input texture array, possibly leading to denial of service or code execution. Rated with a score of 7.8
  • CVE-2019-5685 - Vulnerability which also uses carefully crafted shaders in order to cause out of bounds access to shader local temporary array, possibly leading to denial of service or code execution as well. Rated with a score of 7.8
  • CVE-2019-5686 - Vulnerability hidden in kernel mode layer handler for DxgkDdiEscape, which uses different data structures and DirectX API functions that are not always valid, leading to denial of service if the API function or data structure is incorrect. Rated with a score of 5.6.
  • CVE-2019-5687 - Least dangerous exploit of all five. It is also a problem in kernel model layer handler for DxgkDdiEscape, which may put system at risk if incorrect default permissions are used for an object. This can lead to information disclosure or denial of service. Rated with a score of 5.2.

Short overview of recent news articles

Apple Bans Game-Streaming Services From iOS (Aug,08 2020 )

Horizon Zero Dawn Complete Edition Released (Aug,08 2020 )

Intel Hit by a Devastating Data Breach, Chip Designs, Code (Aug,08 2020 )

Intel will announce its Tiger Lake processors on September 2 (Aug,06 2020 )

Samsung Galaxy Note20 Ultra Ecosystem: Official Introduction (Aug,05 2020 )

Galaxy Note20 Series Focuses on Video, Note-Taking (Aug,05 2020 )

Samsung Galaxy Z Fold 2 Coming to Verizon, T-Mobile (Aug,05 2020 )

Samsung Intros New Earbuds and Watch (Aug,05 2020 )

AMD Radeon Adrenalin 2020 Edition 20.8.1 Driver (Aug,05 2020 )

200 Watt car mounted laser! (Aug,04 2020 )

A Large Explosion Took Place In Beirut (Aug,04 2020 )

Xbox Cloud Gaming Launching on Android September 15th (Aug,04 2020 )

Samsung's Most Affordable 5G Phone Hits US This Month (Aug,04 2020 )

The Ultimate PS4 Pro: 8TB SSD Upgrade (Aug,03 2020 )

Microsoft confirms its intention to buy TikTok (Aug,03 2020 )

Teenage Bounty Hunters - Official Trailer (Aug,02 2020 )

Watch 15-Year-Old's Short Film 'Numb' (Aug,02 2020 )

//HEX Released (Aug,02 2020 )

Microsoft won't open its physical offices until early 2021 (Aug,01 2020 )

Microsoft reportedly in talks to buy TikTok (Aug,01 2020 )

NASA launches Perseverance rover on mission to Mars (Aug,01 2020 )

Intel Overhauls its Corporate Identity (Jul,30 2020 )

Google Offers New Free Backup Options for iOS and Android (Jul,30 2020 )

Qualcomm Quick Charge 5 can Fully Charge Your Phone in Under 15 (Jul,30 2020 )

Intel Core i9-10850K Officialy Clocked At 5.2GHz (Jul,28 2020 )

Samsung's Galaxy Watch 3 Explored (Jul,28 2020 )

NVIDIA Releases Hotfix Driver Version 451.85 (Jul,27 2020 )

Windows 10's latest update bug is breaking internet (Jul,26 2020 )

Newest Gorilla Glass Protects Against Both Drops and Scratches (Jul,24 2020 )

Samsung Money Launches, Adds Exclusive Discounts (Jul,24 2020 )

Avatar Sequels Delayed, New Release Dates Revealed (Jul,24 2020 )

LG's Premium Velvet Launching in US for $600 (Jul,21 2020 )

10 modern layouts in 1 line of CSS (Jul,21 2020 )

Windows 10X Delayed to 2021, Loses Win32 Support (Jul,20 2020 )

Microsoft Cloud PC is Coming in Spring 2021 (Jul,20 2020 )

Samsung Galaxy Buds Live In-Ear 'Bean' Earbuds Leak On Video (Jul,20 2020 )

Gamer Girl - Official Teaser Trailer (2020) (Jul,19 2020 )

Why do Casio calculators get this wrong? (Jul,17 2020 )

This is The Deepest Hole on Earth. What's At The Bottom? (Jul,17 2020 )

Facebook Messenger Adds Screen Sharing (Jul,17 2020 )

Get Warhammer 40,000: Rites of War for Free (Jul,17 2020 )

Intel Core i9-10850K Priced at $449 (Jul,17 2020 )

AMD Releases Radeon Software Adrenalin 20.7.2 Beta (Jul,15 2020 )

Intel is finally retiring its 9th Gen Core-X Skylake-X series (Jul,14 2020 )

MS is removing the ability to fetch files from a PC using OneDrive (Jul,14 2020 )

Mozilla temporarily shuts down Firefox Send (Jul,14 2020 )

What It's Like To Play Games On The Samsung Odyssey G9 Monitor (Jul,12 2020 )

THE BOYS Season 2 Trailer 2 (2020) (Jul,12 2020 )

Devolverland Expo released for free on Steam (Jul,12 2020 )

Qualcomm Snapdragon 865+ is 10% Faster (Jul,10 2020 )

>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs