"NVIDIA Fixes High-Severity Flaws in Graphics Drivers for Windows, Linux"

NVIDIA, which manufactures Graphics Processing Units (GPUs) for gaming systems, high-end PCs, and handheld devices, has released patches for several high-severity vulnerabilities in its graphics drivers for Windows and Linux that could result in code execution in some cases. The graphics driver, also known as the NVIDIA GPU Display Driver, is the software component that enables the device's operating system and applications to take advantage of the enthusiast gamer-optimized graphics hardware. NVIDIA's graphics driver has previously been found to have serious flaws, including one disclosed in May that could allow attackers to execute arbitrary code and, in some cases, perform guest-to-host escapes on virtual machine-running systems. NVIDIA's recent release includes three flaws in the kernel mode layer of the graphics driver for Windows. One of these is a flaw in the DxgkDdiEscape interface kernel mode layer handler. The interface fails to validate data properly, which could allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode. According to NVIDIA, this could lead to Denial-of-Service (DoS) attacks, information disclosure, privilege escalation, or data tampering. The security update also addresses two flaws in the Linux graphics driver. Incorrect input validation causes one flaw in the kernel mode layer (nvidia.ko). A local attacker could use this to launch various attacks, such as DoS, privilege escalation, data tampering, and limited information disclosure. Another vulnerability exists in a D-Bus configuration file that is optional. A local user with basic capabilities can impact protected D-Bus endpoints. These flaws are addressed in updates for impacted versions of Linux driver branches R515, R510, R470, R450, and R390. This article continues to discuss the high-severity vulnerabilities addressed by NVIDIA in graphics drivers for Windows and Linux. 

Decipher reports "NVIDIA Fixes High-Severity Flaws in Graphics Drivers for Windows, Linux"

 

Submitted by Anonymous on