Updated:01:22 PM EDT Oct 18


this is ggmania.com subsite NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches - TechAmok

TOP STORIES

HEADLINES

Greta Thunberg sings Swedish Death Metal
2 Hands 2 Drawings at the same Time - DP Truong
Naruto Running in Area 51
App vs website
Experiment: Coca Cola and Mentos Under Water
Wi-Fi 6 Launches Today As 802.11ax
How Close Are We to Immortality?
20 MOST EMBARRASSING MOMENTS IN SPORTS
7 Best Xbox Emulators For Your PC
Kodi 18.4 released
The Rise And Fall Of The Headphone Jack
Windows 10 20H1 major improvements revealed
Slipknot - Gun Cover!
10-Second Video Of A Mom Embarrassing Her Daughter
Lock Picker Bypasses Popular Security System With $2 Device
NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches
20 Awesome Tricks with WD-40
Slipknot - Solway Firth [OFFICIAL VIDEO]

Windows 10 v1903 and 1909 CPU requirements
Intel Could Unveil First Discrete 10 nm GPUs in mid-2020
Get Observer and Alan Wake's American Nightmare for free
Patrick Day: Boxer dies in hospital four days after suffering brain
No shots Dr. Vet man! I am fierce! Ok, one shot... But I didn't
THE ROOM Official Trailer (2019) Olga Kurylenko, Mystery, Sci-Fi
PCI-Express Gen 6.0 Specification to Finalize by 2021
Data for a whopping 26M stolen payment cards leaked in hack of fraud
BLONDE GIRL HILARIOUS ROLLER COASTER REACTION!!
Sexpot Survey: Those Blonde Bombshells Of The '50s & '60s
Bombshell Trailer #1 (2019)
Frozen II International Trailer #1 (2019)
Streaming Game Services Launching
Google Pixel 4 Uses RADAR to Read Hand Gestures
You can now play 2500 MS-DOS games in your browser for free
What if We Nuke a City?
Nvidia's GeForce Now streaming service is now available for Android
Girl Gets Head Stuck In Pumpkin!!

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches - [briefly]
05:35 AM EDT - Aug,05 2019 - post a comment

NVIDIA has found a total of five security vulnerabilities with its Windows drivers for GeForce, Quadro and Tesla lineup of graphics cards. These new security risks are labeled as very dangerous and have the potential to cause local code execution, denial of service, or escalation of privileges, unless the system is updated. Users are advised to update their Windows drivers as soon as possible in order to stay secure and avoid all of these vulnerabilities, so be sure to check your drivers for latest version. Exploits are only accessible on Windows based OSes, starting from Windows 7 to Windows 10.

However, one fact that is easing this situation is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen. Bellow are the tables provided by NVIDIA that show type of exploit along with rating it carries and which driver versions are affected. There are no mitigations for this exploit, as driver update is the only available solution to secure the system.

he vulnerabilities are rated using CVSS V3 base scoring system and they are arranged as following:
  • CVE-2019-5683 - Most dangerous of all the vulnerabilities. This exploits uses driver's trace logger weakness to create hard links, that software does not check. Attacker could create any link without getting warned by the system and force local code execution, denial of service or escalation of privileges. Rated with a score of 8.8.
  • CVE-2019-5684 - Vulnerability which uses carefully crafted shaders in order to cause out of bounds access to input texture array, possibly leading to denial of service or code execution. Rated with a score of 7.8
  • CVE-2019-5685 - Vulnerability which also uses carefully crafted shaders in order to cause out of bounds access to shader local temporary array, possibly leading to denial of service or code execution as well. Rated with a score of 7.8
  • CVE-2019-5686 - Vulnerability hidden in kernel mode layer handler for DxgkDdiEscape, which uses different data structures and DirectX API functions that are not always valid, leading to denial of service if the API function or data structure is incorrect. Rated with a score of 5.6.
  • CVE-2019-5687 - Least dangerous exploit of all five. It is also a problem in kernel model layer handler for DxgkDdiEscape, which may put system at risk if incorrect default permissions are used for an object. This can lead to information disclosure or denial of service. Rated with a score of 5.2.

Short overview of recent news articles

Oct,12 2019 Low-flying helicopter wrecks VIP podium at Indonesian army parade
Oct,10 2019 Nubia Red Magic 3S Offers Gaming Specs for $479
Oct,10 2019 Microsoft won't fix an important security flaw in Windows 10 Mobile
Oct,09 2019 Adobe Pulls the Plug on Venezuela
Oct,08 2019 What's inside a Tesla Engine?
Oct,08 2019 PlayStation Remote Play Available for Android
Oct,08 2019 PlayStation 5 officially launches Holiday 2020
Oct,07 2019 Modern Warfare launch gameplay trailer
Oct,07 2019 AMD Radeon Software Adrenalin 2019 Edition 19.10.1 drivers
Oct,07 2019 AMD officially announces Radeon RX 5500
Oct,07 2019 Star Trek: Picard - NYCC Trailer
Oct,06 2019 This cat is ready for spooky season
Oct,05 2019 MacBook Air - Can't Believe How Poorly The Cooling System Is
Oct,05 2019 No, Vitamin C won't cure your cold
Oct,05 2019 Baby One More Time - Piano Cover - Britney Spears
Oct,05 2019 ENDGAME BUT IN 7 DIFFERENT GENRES
Oct,04 2019 Asus ROG Phone II for Non-Gamers
Oct,04 2019 Windows 10 - security updates
Oct,04 2019 Intel 10th Gen Core X "Cascade Lake-X" Pricing and Specs
Oct,04 2019 AMD Ryzen CPUs to Get Plenty of Microcode Improvements
Oct,03 2019 NVIDIA Releases GeForce Hotfix Driver Version 436.51
Oct,02 2019 iPhone 11 Pro Max Durability Test - Back Glass Scratches?
Oct,02 2019 Microsoft announces partnership with Spotify
Oct,02 2019 Surface Duo is a dual-screen Android powered smartphone
Oct,02 2019 Intel Readies the i225-V "Foxville" Low-cost 2.5 Gbps Ethernet PHY
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs