Remember how everyone had to update their Nvidia drivers to fix a surprise CPU flaw? Well, now you’ll have to update your drivers again – this time to fix a crippling vulnerability.
A security notice published recently on the Nvidia Support page notes that a “software security update” that fixes a vulnerability enabling, of all things, denial of service attacks. Three separate vectors were addressed, all of which were outlined here. If you’re interested, here’s what was fixed:
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronise shared data, such as static variables across threads, which can lead to undefined behaviour and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.
NVIDIA Windows GPU Display Driver installer software contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service.
Anyone with a GeForce GPU and all Quadro R430 cards with drivers below 430.64, are affected. Some Quadro, NVS and Tesla cards will get patches over the next week, but as pretty much everyone who games has a GeForce GPU, you can grab the 430.64 drivers through the Nvidia website or the GeForce Experience middleware.