All of the security flaws patched by NVIDIA today require local user access and can not be exploited remotely, and potential user interaction for unpatched display drivers can cause potential attackers to run malicious code for one of the fixed bugs on machines. NVIDIA recommends that users update the GeForce, Quadro, NVS and Tesla Windows GPU drivers by using the NVIDIA Driver Downloads page security update.
Security issues with high severity
The problems with CVSS V3 baselines range from 5.2 to 8.8, three of which have received high-strength NVIDIA risk assessments, while the other two have been given medium-strength, all of which have an effect on Windows machines. Using these GPU display driver vulnerabilities, potential attackers can increase their privileges by allowing them to gain permissions beyond the default ones that the compromised system originally granted. These flaws would also enable them to temporarily disabling vulnerable machines by triggering a denial of a service state or malicious code on the affected Windows systems locally. The security issues fixed by NVIDIA as part of the security updating in August 2019 are listed below, with full descriptions and the company’s assigned CVSS V3 baseline scores. Cisco Talos ‘ Piotr Bania reported two problems, those tracked as CVE-2019-5684 and CVE-2019-5685 which could lead to a service denial or code execution. The NVIDIA GPU Display Driver today-August 2019 security newsletter also lists the driver versions that have been affected by the five patched security problems: NVIDIA says that some users who do not manually patch the flaws may also receive Windows drivers 431.23, 425.85 and 412.39 from their computer hardware vendors. “The table above may not be a comprehensive list of all affected versions or branch releases and may be updated as more information becomes available,” adds NVIDIA.