Businesses urged to patch against 'highly severe' Nvidia flaws

GeForce, Quadro and Tesla GPUs are affected by bugs that could lead to local code execution

A host of Nvidia graphics chips are affected by five dangerous vulnerabilities ranging in severity, including one that could allow an attacker to execute malicious code locally.

Organisations using NVIDIA's GeForce, Quadro and Tesla graphics processing units (GPUs) have been urged to update their drivers immediately after the graphics giant published details around the recently-discovered flaws.

The most severe flaw, dubbed CVE-2019-5683 and rated 8.8 via CVSS V3 standards, involves a flaw in a component of the Windows GPU Display Driver software. If exploited, a malicious actor can install malware on a victim's machine.

More specifically, if an attacker has gained access to the user mode video driver trace logger component, they are able to create a hard link because the software does not check for such an attack.

Successfully taking advantage of this vulnerability could lead to local code execution, denial of service, as well as privilege escalation attacks.

Elsewhere, two separate flaws with DirectX drivers, each given a severity rating of 7.8, would also allow an attacker to execute malicious code or launch a denial of service attack.

Both flaws were first discovered by Cisco Talos security researcher Piotr Bania, who noted that VMware's ESXi, Workstation and Fusion products are affected by the out-of-bounds write vulnerability triggered through a specially crafted shader file.

Quadro graphics chips are conventionally used in workstations that are used to run profession computer-aided design (CAD) and similar heavy-duty graphics work, alongside machine learning applications and intensive calculations.

Tesla GPUs, meanwhile, are industrial units deployed on server platforms, given these chips' capacity to perform highly precise computations.

Businesses likely to deploy either variant of the Nvidia GPU, as well as GeForce GPUs fitted into notebook devices, are being urged to upgrade their drivers as soon as possible to the latest version.

These flaws are rated highly severe, but require an attacker to have close physical proximity to a targeted device, so are far less likely to be executed compared with remote-code execution vulnerabilities.

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

What is e-safety?
e safety

What is e-safety?

27 Jan 2021
Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021
Mimecast links breach to SolarWinds hackers
Security

Mimecast links breach to SolarWinds hackers

27 Jan 2021
TikTok vulnerability exposed private user data
data protection

TikTok vulnerability exposed private user data

26 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
Hackers are actively exploiting three Apple iOS flaws
exploits

Hackers are actively exploiting three Apple iOS flaws

27 Jan 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

26 Jan 2021