Published on June 26th, 2020 📆 | 1685 Views ⚑0
Nvidia squashes display driver code execution, information leak bugs
Nvidia has released a set of security updates to remove vulnerabilities in the Nvidia GPU Display Driver.
This week, the tech giant published a security advisory for a total of six bugs in the driver, varying in severity with CVSS scores of between 5.5 and 7.8 and impacting both Windows and Linux machines.
The first vulnerability, CVE‑2020‑5962, is found in the Nvidia Control Panel component of the driver, in which a local attacker can corrupt system files, leading to denial of service or privilege escalation.
CVE‑2020‑5963 is the second bug at hand, found in the CUDA Driver’s Inter Process Communication APIs. The improper access security flaw can be exploited for code execution, denial of service, or information leaks.
The third issue, now resolved, is CVE‑2020‑5964: an error in the service host component of the display driver can lead to resource integrity checks being skipped, thereby resulting in potential code execution, service denial, or information disclosure attacks.
CVE‑2020‑5965 has also been patched. The problem occurs in the display driver’s DirectX 11 user mode driver, in which a “specially crafted shader can cause an out of bounds access, leading to denial of service,” according to Nvidia.
The company has taken the opportunity to also resolve CVE‑2020‑5966, a vulnerability in the kernel mode layer of the Windows-based GPU display driver, in which the dereference of a Null pointer could be weaponized for privilege escalation or denial of service.
The final bug, CVE‑2020‑5967, was found in the Linux version of the driver’s UVM service, in which a race condition error could lead to denial of service.
The vulnerabilities addressed in the security update impact GeForce, Quadro, NVS, and Tesla GPUs on Windows and Linux machines.
A separate set of six security flaws (CVE‑2020‑5968, CVE‑2020‑5969, CVE‑2020‑5970, CVE‑2020‑5971, CVE‑2020‑5972, and CVE‑2020‑5973) has also been patched in the Nvidia Virtual GPU Manager software’s vGPU plugin.
Among the bugs are boundary restriction errors, resource validation problems, and buffer flaws that can be abused to conduct code execution, service tampering, privilege escalation, and cause denial of service.
These vulnerabilities impact Windows and Linux vGPU guest driver software, alongside Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux with KVM, and Nutanix AHV.
Nvidia thanked researchers from Cisco Talos, CyberArk Labs, Secure D Center, as well as independent cybersecurity professionals Sittikorn Sangrattanapitak and Thomas Carroll, for reporting several of the vulnerabilities.
As always, it is recommended that users accept automatic updates to mitigate the risk of exploit. Patches have been made available for each display driver bug, with the exception of Tesla R450, which will be released next week. vGPU software fixes are available for versions 8.0 to 9.3, whereas patches for the latest software release — 10.0 – 10.2 — will be made available on the week of July 6.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0