Trojans and privileges: NVIDIA closed several serious vulnerabilities in the GPU drivers

NVIDIA has announced (here and here) that its specialists have closed a range of vulnerabilities in the drivers and some services of its GeForce graphics processors. The vulnerabilities ranged from low-risk to extremely serious, with consequences from the risk of leaking users' personal data to other unpleasant outcomes.

Of the detected problems, three concern the GeForce Experience package, which is responsible for automatically updating drivers and optimizing the settings of the graphics subsystem for streaming and recording gameplay. The first to be closed was the most dangerous vulnerability, CVE-2019-5701 (7.8 points on the CVSS scale), in the GameStream streaming service. An attacker with local access to the machine could load an Intel graphics driver DLL without signature verification, which, through the execution of malicious code, could give access to information, cause a denial of service, or elevate privileges.

The second vulnerability in the GeForce Experience package, CVE-2019-5689, is less dangerous (6.7 points on the CVSS scale) and is associated with an error in the downloader. With local access to a PC, an attacker could use this vulnerability to store malicious code and gain access to data or perform other malicious actions. The third vulnerability in the package, CVE-2019-5695, is rated at 6.5 points on the CVSS scale and allowed a DLL to be replaced when working with a local service provider. A local attacker with privileged access to the machine could load bogus Windows libraries to cause a denial of service or steal data.

Six of the vulnerabilities were closed in the drivers for NVIDIA GPUs running under Windows. The most dangerous of them, CVE-2019-5690, arose from a missing check of the input buffer size. Exploiting it required local access to the machine and could lead to denial of service or privilege escalation. CVE-2019-5691, which stems from a null-pointer error, also made the list of holes.

CVE-2019-5692 could lead to privilege escalation and denial of service; it arose when an array index was calculated or used from untrusted data. Two other vulnerabilities, CVE-2019-5694 and CVE-2019-5695, were discovered in the display drivers for the GPU (GPU Display Driver). They allowed DLLs to be loaded incorrectly, which could be used to steal data or cause a denial of service.
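The two defect classes named for CVE-2019-5690 and CVE-2019-5692, a missing input-buffer size check and an array index taken from untrusted data, are easiest to see in a request handler that validates caller-supplied lengths and indices before using them. The following C program is an added illustration and is not NVIDIA's code: the `request_hdr` layout, `handle_request`, `TABLE_SLOTS` and `MAX_PAYLOAD` are hypothetical, and the handler is a user-mode mock of the pattern a kernel-mode I/O handler has to follow. The helper `build_request` constructs sample requests whose header claims one length while a different number of bytes is actually supplied, which is the shape of input that an unchecked size field lets through.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SLOTS 8     /* hypothetical per-device table size */
#define MAX_PAYLOAD 64    /* hypothetical fixed-size destination */

/* Hypothetical request header a caller hands to the handler; both
 * fields are caller-controlled and therefore untrusted. */
struct request_hdr {
    uint32_t slot;         /* index into the table */
    uint32_t payload_len;  /* number of payload bytes that follow */
};

enum status { STATUS_OK = 0, STATUS_BAD_LENGTH = -1, STATUS_BAD_INDEX = -2 };

static uint32_t table[TABLE_SLOTS];

/* Hardened handler. buf_len is the byte count the caller actually
 * supplied (what a driver learns from the I/O manager), as opposed to
 * the length the caller *claims* inside the header. */
int handle_request(const void *buf, size_t buf_len)
{
    struct request_hdr hdr;
    uint8_t local[MAX_PAYLOAD];
    uint32_t sum = 0;

    /* 1. The header itself must fit in the supplied bytes. */
    if (buf == NULL || buf_len < sizeof hdr)
        return STATUS_BAD_LENGTH;
    memcpy(&hdr, buf, sizeof hdr);   /* copy out: avoids alignment issues */

    /* 2. The claimed payload length must fit both the supplied buffer
     *    and the fixed destination; trusting it unchecked is the
     *    "missing input buffer size check" defect. */
    if (hdr.payload_len > MAX_PAYLOAD ||
        hdr.payload_len > buf_len - sizeof hdr)
        return STATUS_BAD_LENGTH;

    /* 3. The index is untrusted: reject anything outside the table
     *    before it is used to address memory. */
    if (hdr.slot >= TABLE_SLOTS)
        return STATUS_BAD_INDEX;

    memcpy(local, (const uint8_t *)buf + sizeof hdr, hdr.payload_len);
    for (uint32_t i = 0; i < hdr.payload_len; i++)
        sum += local[i];
    table[hdr.slot] = sum;           /* only reached with a validated index */
    return STATUS_OK;
}

/* Accessor for the table so results can be checked without exposing it. */
uint32_t table_value(uint32_t slot)
{
    return slot < TABLE_SLOTS ? table[slot] : 0;
}

/* Test helper (constructed input): builds a request whose header
 * claims claimed_len payload bytes while only actual_len bytes of
 * 0xAB are appended. Returns the total number of bytes written. */
size_t build_request(uint8_t *out, size_t cap, uint32_t slot,
                     uint32_t claimed_len, size_t actual_len)
{
    struct request_hdr hdr = { slot, claimed_len };
    if (cap < sizeof hdr + actual_len)
        return 0;
    memcpy(out, &hdr, sizeof hdr);
    memset(out + sizeof hdr, 0xAB, actual_len);
    return sizeof hdr + actual_len;
}

int main(void)
{
    uint8_t buf[256];
    size_t n;

    n = build_request(buf, sizeof buf, 3, 16, 16);
    printf("well-formed request       -> %d\n", handle_request(buf, n));
    n = build_request(buf, sizeof buf, 3, 200, 16);
    printf("claims more than supplied -> %d\n", handle_request(buf, n));
    n = build_request(buf, sizeof buf, 9, 8, 8);
    printf("out-of-range slot         -> %d\n", handle_request(buf, n));
    return 0;
}
```

The order of the checks matters: the header is validated against the real buffer length first, the claimed payload length is then bounded by both the supplied bytes and the destination, and only after that is the index compared with the table size. Dropping any one of the three reintroduces exactly the kind of out-of-bounds read or write the advisory describes.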

The last three vulnerabilities, CVE-2019-5696, CVE-2019-5697 and CVE-2019-5698, concerned, respectively, guest access to virtual machines beyond what is permitted, guest access to protected memory, and an error in evaluating input indices that followed from incorrect validation in the vGPU plugin.

To date, the company has corrected all the discovered vulnerabilities for Windows in NVIDIA GPU Display Driver 441.12 and NVIDIA GeForce Experience 3.20.1. NVIDIA driver 426.26 (GPU 8.2) for Windows and driver 418.109 (GPU 8.2) for Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux and KVM, and Nutanix AHV have also been fixed. Fixes for other versions of Quadro and Tesla GPUs will be released within a week (R440 for Tesla and Quadro NVS, and R430, R418 and R390).
