[ad_1]
In addition to the known bug fixes when writing the GeForce Game Ready 430.64 graphics driver release, the update apparently had some security fixes. The most serious problem (CVE-2019-5675) has a vulnerability score of 7.7. Apparently, the kernel mode portion of the driver has a sync bug, which could lead to escalation of permissions, denial of service, or unauthorized access to data. The second problem (CVE-2019-5676) implies that the driver installation program does not correctly validate the DLLs that it loads, which could allow malware to receive higher privileges. A third problem (CVE-2019-5677) is a denial of service.
Although the vulnerabilities have been disclosed, some drivers have not yet been updated (according to the NVIDIA support page). Quadro and Tesla drivers on the R400 branch should be patched this week to come. Quadro drivers on the R390 branch should be patched the week after.
Interesting, GeForce Creator Ready drivers are not listed in this document.; they are still back on version 419.67. Since its release in March, I will assume that they are vulnerable but that they will be corrected soon. NVIDIA does not seem to be saying one way or the other.
If possible, update the latest graphics drivers on their website or using GeForce Experience.
[ad_2]
Source link