While we are all more than a little used to the regularity in which we are prompted to make graphics card driver updates, we are all sometimes guilty of getting a little lazy and, quite frankly, sometimes letting a couple of updates roll past before we finally make the plunge. It seems, however, that Nvidia is rather anxious for their graphics card owners to update as soon as possible.
In a report via Lifehacker, Nvidia has revealed 5 major security exploits discovered in their graphics card driver software. So significant are these that the company is urging people to update as soon as possible!
Nvidia Urges Immediate Graphics Card Driver Update
The 5 exploits found are described by Nvidia as follows:
- CVE‑2019‑5683: “NVIDIA Windows GPU Display Driver contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behaviour may lead to code execution, denial of service, or escalation of privileges.”
- CVE‑2019‑5684: “NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.”
- CVE‑2019‑5685: “NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.”
- CVE‑2019‑5686: “NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.”
- CVE‑2019‑5687: “NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor, which may lead to information disclosure or denial of service.”
We should note that Nvidia has rated most of these vulnerabilities as a 7.7 out of 10 (minimum) in terms of danger.
Do I Need To Update?
Nvidia is urging everyone to check their GeForce experience program to ensure that they have the latest drivers installed. If you see “version 431.60” then you’re all set and already patched against these security problems. If you don’t, then an update is highly recommended!
Some may question why Nvidia has revealed this information at all. Surely it will only draw attention to those who can exploit these vulnerabilities? Well, the short answer is yes. The long answer is that it might also jog people who have been skipping updates to finally do them! – You know, a little incentivisation! – Either way, if you choose to still not update, don’t say we (or more accurately Nvidia) didn’t warn you!
What do you think? How regularly do you update your graphics card drivers? Will this announcement have the desired effect? – Let us know in the comments!
