Common Vulnerability Scoring System rates their impacts as “high” so it’s best to update your systems right now.vidia discovered new drivers to fix dangerous Nvidia 8 vulnerabilities which if exploited could lead to privilege escalation, code execution, denial of distribution and sensitive information disclosure. Although these exploits required local access and software using them does not exist in the wild. The
The DOS (Denial Of Service) vulnerability can result in inoperable GPU by forcing a crash or by requesting too much information that it is not capable to handle.
The Code execution vulnerability allows hackers to run any software they want. Moreover, the information disclosure lets attackers keep track of anything from how systems are configured to stored passwords.
Privilege escalation Vulnerability actually can work in two different ways: It either can allow an attacker to copy other users or network devices’ identity to access their information and abilities (horizontal escalation), or it can let them access all the data and control of the network devices.
All Nvidia 8 vulnerabilities have been given CVE(Common Vulnerability and Exposures) names from CVE-2019-5665 to CVE-2019-5671. The last vulnerability is different from all others (CVE-2018-6260) because it is the only one to affect Linux OS in addition to Windows. Although it is less severe, only letting the hackers to access GPU application data.
All these vulnerabilities have been given Vulnerability Scoring System (CVSS) ratings, which rates 8.8 as high, 7.8 as high, 6.5 as medium and 2.2 as low.
Those vulnerabilities were given as high(8.8) CVSS require local access and those are also of low complexity, require low privileges and no user interaction. These are capable of affecting other devices on the computer and have a high effect on the system’s integrity, availability and data confidentiality.
Other vulnerabilities rated as high (7.8) can not impact the resources the GPU was not already able to access and those vulnerabilities given 6.5(medium) CVSS means that there is no impact on system’s integrity and data confidentiality.
However, there is no software available on the internet to find these Nvidia 8 vulnerabilities in your system. But we highly recommend you to check if your drivers are up to date, if not, then update them immediately to fix them if there are any.
The Version 419.17, released on February 22, will do the fix for GeForce and Quadro products on Windows, and 418.43 includes fixes for Linux. You can check if you’re up to date or not through GeForce Experience.