Nvidia has released updated versions of its graphics drivers to fix security vulnerabilities in its Windows driver versions, including those which could be exploited locally for privilege escalation or arbitrary code execution.
By their very nature, display drivers tie themselves into a host operating system at a very low level. When there's a vulnerability in the driver, it can put the entire operating system at risk - which is, unfortunately, the case for a series of vulnerabilities affecting graphics drivers from Nvidia prior to its most recent releases.
Announced in the company's security bulletin late last week, the vulnerabilities are relatively serious, though thankfully lack the ability to be exploited remotely: The most severe allows for software running on the system to execute additional arbitrary code in the context of the graphics driver, crash the system, or escalate its privileges to those of an administrative account; two others allow for crashes or arbitrary code execution; while a further two are denial of service or information disclosure vulnerabilities.
The flaws affect drivers for products across Nvidia's graphics product ranges: Those with GeForce-brand devices need to ensure they are running the 431.60 driver release or higher; those with Quadro or NVS hardware require 431.70 for R430 series, 426.00 for the R418 series, or 392.56 for the R390 series; while Quadro and NVS products from the R400 series and Tesla accelerators from the R418 series have no patched driver yet available.
For those with OEM graphics hardware which is supported by their PC manufacturer, the security fixes are included in driver releases 431.23, 425.85, and 412.39. All other Windows users with Nvidia hardware are advised to download the updated drivers manually from the official website.
January 24 2020 | 12:00