NVIDIA Patched Multiple GeForce And GPU Driver Vulnerabilities

by Abeerah Hashim November 11, 2019

written by Abeerah Hashim November 11, 2019

Recently, NVIDIA has fixed numerous security vulnerabilities in its GeForce Experience software and GPU Display Driver. Users should ensure updating their devices to the patched versions to stay protected.

NVIDIA GeForce Experience Vulnerabilities

As revealed in an advisory, there existed at least three different security flaws in NVIDIA GeForce Experience. NVIDIA came to know of these vulnerabilities through different security researchers from ACTIVELabs, Chengdu University of Technology, and SafeBreach Labs.

The first of these vulnerabilities, CVE‑2019‑5701, could let an attacker load Intel graphics driver DLLs without signature or path validation. Anyone with local access to the system with GameStream active could exploit the flaw. As a result, the attacker could trigger information disclosure, denial of service, or code execution to elevate privileges.

The second vulnerability CVE‑2019‑5689 existed in the Downloader component that allowed an attacker with local access to download and save malicious files. Whereas, the third vulnerability, CVE‑2019‑5695, affected the local service provider component, allowing an attacker to load Windows system DLLs without path or signature validation.

Both vulnerabilities also required an attacker to have local access to the system. Moreover, both flaws could lead to information disclosure, denial of service, or code execution.

These three vulnerabilities allegedly affected all previous versions of GeForce Experience. Following the reports, NVIDIA patched the flaws with the release of GeForce Experience version 3.20.1.

NVIDIA GPU Driver Vulnerabilities

In another advisory, NVIDIA also disclosed numerous vulnerabilities affecting the NVIDIA GPU driver and software.

Specifically, the vendors patched six different vulnerabilities in the NVIDIA Windows GPU Display Driver. Of these, two security flaws (CVE‑2019‑5690 and CVE‑2019‑5691) achieved a CVSS base score of 7.8. Upon exploit, the flaws could lead to privilege escalation or denial of service.

Moreover, NVIDIA also released fixes for three vulnerabilities CVE‑2019‑5696, CVE‑2019‑5697, and CVE‑2019‑5698 in NVIDIA vGPU Software

The vendors have acknowledged Peleg Hadar of SafeBreach Labs for discovering and reporting the bugs CVE-2019-5694 and CVE-2019-5695.

Let us know your thoughts in the comments.

bug Bugs code execution code execution flaw denial of service flaw information disclosure local access local privilege escalation Nvidia NVIDIA exploit NVIDIA GeForce Experience Nvidia GPU NVIDIA GPU Display Driver NVIDIA GPU Display Driver vulnerabilities NVIDIA vulnerability NVIDIA windows exploit Privilege Escalation vulnerabilities vulnerability

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

NVIDIA Patched Multiple GeForce And GPU Driver Vulnerabilities

NVIDIA GeForce Experience Vulnerabilities

NVIDIA GPU Driver Vulnerabilities

Google Forms App Defense Alliance To Stop ‘Bad Apps’

Apple Mail On MacOS Stores Parts Of Encrypted Emails In Unencrypted Form

You may also like