Windows users: Patch your Nvidia GPU drivers to stop attackers running malware

One high-severity flaw among five bugs fixed in graphics chip maker's August display driver update.
Written by Liam Tung, Contributing Writer

Graphics chip maker Nvidia is urging users to install new security updates that address one high-severity flaw and four others that can be exploited by attackers. 

Nvidia warns that the flaws in its GPU driver collectively could allow local attackers to execute code, cause a denial of service or escalate privileges. 

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

The worst of the bugs affects a component that logs trace levels of the video driver in user mode and has a severity rating of 8.8 out of 10, but it can only exploited by an attacker who has local access to the vulnerable PC. 

"When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges," Nvidia states. 

The bugs only affect Windows systems and the updates should be applied to Nvidia's GeForce, Quadro, NVS, and Tesla software. 

Nvidia drivers aren't a common target for attackers but, as Google Project Zero researchers have pointed out in the past, Nvidia drivers are complicated pieces of software that give attackers a lot of angles to attack processes from apps, such as the browser, that have access to the GPU. 

The large attack surface potentially offers an attacker escape routes from OS-enforced software sandboxes. A Google engineer working with Project Zero found a whopping 400 sandbox escapes across 16 flaws in Nvidia's kernel mode Windows driver.  

Two of the five newly disclosed flaws were found by Piotr Bania, a researcher at Cisco's Talos Intelligence security unit, who's previously found serious flaws in parts of Nvidia drivers that handle pixel shaders.      

The two flaws Bania identified are due to issues within the DirectX drivers and once again can be exploited with a specially crafted pixel shader.

Exploitation of the first flaw "can cause an out-of-bounds access of an input texture array, which may lead to denial of service or code execution", according to Nvidia. 

The second "can cause an out-of-bounds access to a shader local temporary array, which may lead to denial of service or code execution."

Many affected Windows users are likely to get fixed drivers through OEMs rather than from Nvidia directly. 

Nvidia notes that all versions of R340 prior to 431.60 are affected. Users can check which version is installed within the Nvidia Control panel. Nvidia provides details about how to check the version in a support document.  

Editorial standards