Several flaws in Nvidia GPU driver technology could give bad actors the ability to create denial of service attacks and escalate their privileges. It is worth noting, the flaws are deemed high severity although users will need to have local access to the machine. Nvidia talks of one of the bugs that it seems the most problematic with a severity rating of 8.8 out of 10 despite the need for local access. The flaw causes problems in a component that logs trace levels of the video driver. “When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges,” Nvidia explains. Nvidia says driver updates are needed across its Quadro, GeForce, NVS, and Tesla services on Microsoft Windows PCs.
More Vulnerabilities
Nvidia also discusses four less severe flaws that are part of security fixes in its latest GPU updates: “Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution. Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution. GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service. Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor, which may lead to information disclosure or denial of service.”