NVIDIA releases a new graphics driver to fix code execution and denial of service vulnerabilities
Recently, NVIDIA releases a new graphics driver to repaired code execution and denial of service vulnerabilities discovered by some security researchers. The scores of these vulnerabilities ranged from 5.2 to 8.8 and there were a number of vulnerabilities that were more dangerous. This has a greater impact on the Windows operating system.
CVE | Description | Base Score |
---|---|---|
CVE‑2019‑5683 | NVIDIA Windows GPU Display Driver contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. | 8.8 |
CVE‑2019‑5684 | NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution. | 7.8 |
CVE‑2019‑5685 | NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution. | 7.8 |
CVE‑2019‑5686 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service. | 5.6 |
CVE‑2019‑5687 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor, which may lead to information disclosure or denial of service. | 5.2 |
These vulnerabilities can be exploited by attackers to escalate privileges, such as upgrading from normal user rights to administrator privileges for more operations. It is very easy to install a backdoor program or other Trojan horse program after having administrator rights, and it is not easy for a user to find an attack. In addition, these vulnerabilities trigger a denial of service attacks mainly by using malicious code, which can make the attacked computer interrupt and not working properly.
Therefore, users who use NVIDIA graphics cards are advised to upgrade to the latest version of the driver as soon as possible. The download address can be searched and downloaded at the official website of NVIDIA.