INSUBCONTINENT EXCLUSIVE:
Nvidia has released a patch for a set of serious security vulnerabilities which affect users of its GeForce Experience software and its GPU
Display Driver.The company recently published two separate security advisories detailing the vulnerabilities and if left unpatched, the most
severe of these vulnerabilities could allow for code execution or information disclosure.Nvidia has resolved three vulnerabilities in its
GeForce Experience software
The first vulnerability, labeled CVE-2019-5701 which was discovered by Hashim Jawad of ACTIVELabs, is a problem within GameStream that could
allow an attacker with local access to load Intel graphics driver DLLs without path validation
This could potentially lead to arbitrary code execution, privilege escalation, denial-of-service (DOS) or information disclosure.The second
vulnerability, labeled CVE-2019-5689, was found by Siyuan Yi of Chengdu University of Technology and it it exists within the GeForce
An attacker with local access could exploit this vulnerability to create and execute code to transfer and save malicious files.The third
vulnerability, labeled CVE-2019-5695, was discovered by Peleg Hadar of SafeBreach Labs inside the GeForce local service provider component
To exploit this vulnerability, an attacker would need both local and privileged access
However, if they obtained these, it would be possible to use an incorrect Windows system DLL loading to cause DOS or data theft.Nvidia's
latest patch also resolved six vulnerabilities in the Nvidia Windows GPU Display driver
Of these flaws, CVE-2019-5690 was the most critical and it is a kernel mode layer handler issue where input size is not validated and this
could lead to DoS or privilege escalation
Additionally, CVE-2019-5691 was found in the same system in which null pointer errors can be exploited with the same outcome.CVE-2019-5692
and CVE-2019-5693 are also in the kernel mode layer handler but Nvidia has resolved these bugs as well
The first vulnerability relates to untrusted input when calculating or using an array index and this can lead to privilege escalation or DoS
The second security flaw involves how the program accesses or uses pointers and could lead to service denial if exploited.Nvidia also fixed
the CVE-2019-5694 and CVE-2019-5695 vulnerabilities in the display driver that led to incorrect DLL loading problems which could be
exploited for DoS or information disclosure
Finally, the company resolved three vulnerabilities in the Virtual GPU Manager.Versions of Nvidia GeForce Experience before version 3.20.1
are affected by these flaws and users should update their software as well as their graphics drivers immediately to avoid falling victim to
any attacks which could exploit these vulnerabilities.Via ZDNet
