Quantcast

Dark or Light
logo
Logo

Security Flaws Discovered In Nvidia Drivers

Poorna Shankar Updated: Posted:
Category:
News 0

If you have an Nvidia graphics card running any drivers older than 431.60, you should immediately update due to a security flaws.

PCGamesN reports (via BleepingComputer) that drivers prior to 431.60 is open to local code execution, denial of service, or escalation of privileges. You can download the latest patched drivers here. For a clean removal of older drivers, you can use DDU found here.

The security flaws fixed by Nvidia’s latest drivers are listed below:

CVE

Description

Base Score

CVE?2019?5683

NVIDIA Windows GPU Display Driver contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.

8.8

CVE?2019?5684

NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.

7.8

CVE?2019?5685

NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.

7.8

CVE?2019?5686

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.

5.6

CVE?2019?5687

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor, which may lead to information disclosure or denial of service.

5.2

 


ShankTheTank

Poorna Shankar

A highly opinionated avid PC gamer, Poorna blindly panics with his friends in various multiplayer games, much to the detriment of his team. Constantly questioning industry practices and a passion for technological progress drive his love for the video game industry. He pulls no punches and tells it like he sees it. He runs a podcast, Gaming The Industry, with fellow writer, Joseph Bradford, discussing industry practices and their effects on consumers.