Nvidia has patched a set of serious security vulnerabilities in the GeForce Experience graphics software and GPU Display Driver.
Three vulnerabilities have been resolved in GeForce Experience. The first, CVE-2019-5701, is a problem within GameStream. When GameStream is enabled, an attacker with local access can cause the software to load Intel graphics driver DLLs without path validation, potentially leading to arbitrary code execution, privilege escalation, denial-of-service (DoS), or information disclosure.
The second bug, CVE-2019-5689, is present within the GeForce downloader. Given local access, an attacker can craft and execute code to transfer and save malicious files, also potentially resulting in code execution, DoS, or information leaks.
The third security flaw, CVE-2019-5695, was found in the GeForce local service provider component. An attacker would need local and privileged access to exploit this vulnerability, but if achieved, it is possible to use incorrect Windows system DLL loading to cause DoS or data theft.
Six vulnerabilities have also been resolved in the Nvidia Windows GPU Display driver. The most critical of these issues, CVE-2019-5690, is a kernel mode layer handler issue in which input size is not validated, leading to DoS or privilege escalation.
In addition, CVE-2019-5691 has been found in the same kernel mode layer handler, where null pointer errors can be exploited for the same purposes.
Two other bugs, CVE-2019-5692 and CVE-2019-5693, both of which are also in the kernel mode layer handler, have also been resolved. The first is related to untrusted input being used when calculating or using an array index, leading to privilege escalation or denial of service, whereas the second security flaw relates to how the program accesses or uses pointers. If exploited, this problem can lead to denial of service.
The display driver also contained CVE-2019-5694 and CVE-2019-5695, incorrect DLL loading problems that could be exploited for DoS or information disclosure.
Nvidia has also resolved three vulnerabilities in the Virtual GPU Manager. CVE-2019-5696 is a security flaw that can lead to out-of-bounds access by a guest VM, whereas CVE-2019-5697 can be exploited to give a guest access to memory that it does not own, leading to DoS or information leaks.
The final bug, CVE-2019-5698, is in the vGPU plugin and relates to incorrect validation of input index values. If exploited, this security flaw, too, can lead to denial of service.
All versions of Nvidia GeForce Experience on Windows prior to 3.20.1 are affected. Nvidia Quadro and NVS R440 versions prior to 441.12, as well as R430 and R418, Tesla R440 and R418, and Quadro 390 are also impacted. Patches will be released for Tesla R440 and R418, and Quadro NVS R430, R418, and R390 next week.
Researchers from ACTIVELabs, the Chengdu University of Technology, and SafeBreach Labs have been thanked for reporting the vulnerabilities.