NVidia GPU drivers: Security updates

[PineyCreek]

Quick note here, Nvidia recently announced several security issues with their graphics drivers including the potential for remote code execution, denial of service issues, and permissions escalation.  So if you use an Nvidia GPU it's probably a good idea to update your drivers.  Multiple CVEs are involved and multiple kernel-level vulnerabilities.

 

https://nvidia.custhelp.com/app/answers/detail/a_id/4772

 

The latest driver packages address these new vulnerabilities along with one from last year.

 

Since someone pointed it out in the forums, I'll add this note: this was originally announced with Quadro and Geforce driver updates on Feb. 22nd, but has since been updated on the 27th and 28th for Tesla driver updates.

 

Nvidia doesn't provide much more information beyond the CVE base descriptions and advising to update the drivers ASAP for security's sake.  I'm pasting the CVE table below:

 

CVE	Description	Base Score	CVSS V3 Vector
CVE‑2019‑5665	NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of privileges.	8.8	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE‑2019‑5666	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.	8.8	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE‑2019‑5667	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges.	8.8	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE‑2019‑5668	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to denial of service or escalation of privileges.	8.8	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE‑2019‑5669	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer, which may lead to denial of service or escalation of privileges.	8.8	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE‑2019‑5670	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service, escalation of privileges, code execution or information disclosure.	7.8	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE‑2019‑5671	NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service.	6.5	AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE‑2018‑6260	NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This vulnerability is not a network or remote attack vector.	2.2	AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

 

A decently wide range of driver versions are affected.  There are tables with the affected versions in the Nvidia security bulletin (linked above) but note that even though it might say the vulnerability was found in, for example, "All R418 versions prior to 418.43" there is a further bullet point beneath that stating that affected versions include all prior releases and branches.  That could also mean potentially that the vulnerability was tested in those versions, but may still exist in earlier code builds.  Depends on how you read it I think.

 

Note that you'll likely want to download the latest drivers directly from Nvidia as your average OEM is going to be slow to update their support pages with their supposedly custom driver for the system.  Branded driver? Meh.  Go to the GPU source here for your driver update.

 

Then, because certain display adapter manufacturing corporations no longer respect privacy, you’ll probably want to disable nVidia’s telemetry program in Windows:
1)    Windows key + R to bring up run
2)    Services.msc
3)    Double-click on NVIDIA Telemetry Container
4)    Stop the process
5)    Set Startup type to Disabled
6)    Click Ok

Then either with Task Manager’s Startup tab or software like CCleaner or Microsoft’s MSInternals’ Autoruns, disable the telemetry startup task.  This link gives you more detailed instructions if you want:
https://www.ghacks.net/2016/11/07/nvidia-telemetry-tracking/

 

Not sure if the telemetry is still there in Linux, but consider yourselves warned.

[emosun]

does it say which driver versions have the vulnerability because i use an older driver

[PineyCreek]

3 minutes ago, emosun said:

does it say which driver versions have the vulnerability because i use an older driver

Yes, that's mentioned in Nvidia's security bulletin I linked.  It's going to depend on how old your driver is and what build it is for (Geforce, Quadro, NVS, Tesla, etc.).  Also what OS you run.  Check the tables after the CVE table.

[emosun]

2 minutes ago, PineyCreek said:

Yes, that's mentioned in Nvidia's security bulletin I linked.  It's going to depend on how old your driver is and what build it is for (Geforce, Quadro, NVS, Tesla, etc.).

ah i see the table now. 

my driver is apparently so old its not affected. lol

[PineyCreek]

3 minutes ago, emosun said:

ah i see the table now. 

my driver is apparently so old its not affected. lol

I added a caution on there.  Just because it's not listed doesn't mean that it doesn't potentially have the vulnerability.  We don't know how far Nvidia went back in their testing.  They have a bullet point after the affected driver version table that reads:

 

 

• Affected versions include the versions listed and all earlier branches and releases.

 

It might be they didn't bother testing older 'unsupported' driver versions for the vulnerabilities.  You could be fine.  You might not be.  I don't have insider knowledge to be able to tell you one way or another >_>.

[PineyCreek]

2 minutes ago, huilun02 said:

Just use NVSlimmer to install Nvidia drivers

Alternative download if Dropbox doesn't work for you

 

How to use:

1. Use DDU in Safe Mode to scrub out existing driver and all components that came with it
2. Download the Nvidia drivers you want
3. Run NVSlimmer, select the driver you downloaded
4. Untick all the nonessential junk you want removed
5. Click Apply and proceed to install

It also has a repackage feature to save the slimmed down driver installer, if you want to save it for later use

Ah, nice, never heard of NVSlimmer.  I'll check it out.

[MyName13]

Latest driver released 22.2.Isn't this a little bit late?

[williamcll]

Are there any peformance patches for 900M series laptop GPUs? my gigabyte P34V3 runs slower on drivers above version 399 

[PineyCreek]

1 hour ago, MyName13 said:

Latest driver released 22.2.Isn't this a little bit late?

Yes...but it's new news because no one else has posted about it in Tech News from what I could find.  Some people may find it useful information.

 

Also, not everyone updates their GPU drivers every new release.

 

If you found about it earlier, good for you.

[MyName13]

1 hour ago, PineyCreek said:

If you found about it earlier, good for you.

What's weird is that top articles on google have also been recently posted.