NVIDIA has released security updates to address security vulnerabilities found in GPU Display and CUDA drivers and Virtual GPU Manager software that could lead to code execution, denial of service, escalation of privileges, and information disclosure on both Windows and Linux machines. Although all the flaws patched today require local user access and cannot be exploited remotely, with attackers having to first get a foothold on the exposed machines to launch attacks designed to abuse these bugs. Once that is achieved, they could take exploit them by remotely planting malicious code or tools targeting one of these issues on devices running vulnerable NVIDIA drivers.
According to NVIDIA’s security bulletin, the “risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation.” The company also recommends consulting an IT or security professional to accurately evaluate the risk of your specific system configuration.
High severity issues affecting Windows, Linux devicesBy abusing these vulnerabilities, attackers can escalate privileges to gain permissions above the initial default ones granted by the OS, to render unpatched machines temporarily unusable by triggering denial-of-service states. or to locally execute malicious code on compromised Windows and Linux systems. The bugs come with CVSS V3 base scores ranging from 4.4 to 7.8, with six of them having received a high-risk assessment from NVIDIA. The software security flaws addressed by NVIDIA as part of the June 2020 security update are listed in the table embedded below together with full descriptions and the CVSS V3 base scores assigned to each of them.
|NVIDIA GPU Display Driver|
|CVE‑2020‑5962||NVIDIA GPU Display Driver contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.||7.8|
|CVE‑2020‑5963||NVIDIA CUDA Driver contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure.||7.8|
|CVE‑2020‑5964||NVIDIA GPU Display Driver contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.||6.5|
|CVE‑2020‑5965||NVIDIA GPU Display Driver contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, leading to denial of service.||5.5|
|CVE‑2020‑5966||NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges.||5.5|
|CVE‑2020‑5967||NVIDIA Linux GPU Display Driver contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service.||5.5|
|NVIDIA vGPU Software|
|CVE‑2020‑5968||NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial of service, escalation of privileges, or information disclosure.||7.8|
|CVE‑2020‑5969||NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure.||7.8|
|CVE‑2020‑5970||NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service.||7.8|
|CVE‑2020‑5971||NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure.||7.8|
|CVE‑2020‑5972||NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service.||5.5|
|CVE‑2020‑5973||NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service.||4.4|
Impacted NVIDIA driver versionsThe NVIDIA GPU Display Driver – June 2020 security bulletin also includes the full list of software products and versions affected by the bugs fixed by NVIDIA today. NVIDIA encourages customers to update their GeForce, Quadro, NVS, and Tesla Windows GPU display drivers, as well as Virtual GPU Manager and guest driver software by applying the security updates available on the NVIDIA Driver Downloads page. NVIDIA says that some of the customers who will not patch the flaws manually may also receive Windows GPU display driver 451.55, 446.06, and 443.18 versions from their computer hardware vendors also bundling the security updates released today.
Enterprise NVIDIA vGPU software users have to log into the NVIDIA Enterprise Application Hub to get the updates via the NVIDIA Licensing Center.To find out which NVIDIA driver version you have installed on your computer you can follow the procedure detailed here.