[TP] Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver - Overclock.net - An Overclocking Community
Forum Jump: 

[TP] Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver

Reply
 
Thread Tools
post #1 of 28 (permalink) Old 03-03-2020, 06:32 AM - Thread Starter
Overclocker
 
EastCoast's Avatar
 
Join Date: Feb 2010
Posts: 3,219
Rep: 145 (Unique: 97)
[TP] Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver

Quote:
Several flaws found in Nvidia’s graphics drivers could enable denial of service, code execution and other malicious attack
...
The most severe flaw exists in the control panel component of the graphics driver, which is a utility program helping users monitor and adjust the settings of their graphics adapter. According to Nvidia in its security advisory, published Friday, an attacker with local system access can corrupt a system file in the control panel, which would lead to DoS or escalation of privileges.

Another vulnerability, this one medium-severity, exists in the control panel of the graphics driver (CV-2020-5958). An attacker with local system access could exploit this flaw by planting a malicious dynamic link library (DLL) file in the control panel, which may lead to code execution, DoS or information disclosure.

Nvidia also disclosed several vulnerabilities in the Virtual GPU (vGPU) Manager, its tool that enables multiple virtual machines to have simultaneous, direct access to a single physical GPU, while also using Nvidia graphics drivers deployed on non-virtualized operating systems.

The most severe of these flaws exists in the vGPU plugin, “in which an input index value is incorrectly validated, which may lead to denial of service,” according to Nvidia. The vulnerability (CVE‑2020‑5959) is 7.8 out of 10.0 on the CVSS scale, making it high-severity.

...

It’s only the latest Nvidia security patch impacting its gaming-enthusiast customer base....


https://threatpost.com/gamer-alert-s...driver/153380/

Looks like anyone who wants some of these patches have to update to 442.50. If 442.50 didn't work as good as a prior driver then you have some decisions to make.
EastCoast is offline  
Sponsored Links
Advertisement
 
post #2 of 28 (permalink) Old 03-03-2020, 06:45 AM
New to Overclock.net
 
Marios145's Avatar
 
Join Date: May 2011
Posts: 357
Rep: 70 (Unique: 40)
Quote: Originally Posted by EastCoast View Post
https://threatpost.com/gamer-alert-s...driver/153380/

Looks like anyone who wants some of these patches have to update to 442.50. If 442.50 didn't work as good as a prior driver then you have some decisions to make.
Seriously? Two of these require local access AND modifying/changing some dll or file...If you're a home user none of these matters much.
Marios145 is offline  
post #3 of 28 (permalink) Old 03-03-2020, 07:43 AM
mfw
 
ToTheSun!'s Avatar
 
Join Date: Jul 2011
Location: Terra
Posts: 7,854
Rep: 467 (Unique: 223)
Daddy Jensen is a such a formidable man! Always at work, fixing the issues we didn't even know we had!

Thanks for the heads up, EastCoast. Have a rep+.

CPU
Intel 6700K
Motherboard
Asus Z170i Pro Gaming
GPU
Gigabyte 2070 Super Windforce OC
RAM
G.skill Trident Z 3200CL14 8+8
Hard Drive
Samsung 850 EVO 1TB
Hard Drive
Crucial M4 256GB
Power Supply
Corsair SF600
Cooling
Noctua NH C14S
Case
Fractal Design Core 500
Operating System
Windows 10 Education
Monitor
ViewSonic XG2703-GS
Keyboard
Vortex Race 3 RGB
Mouse
Glorious Odin
Mousepad
Gigabyte AMP500
Audio
Fiio E17K v1.0 + Beyerdynamic DT 1990 PRO (Dekoni pads)
▲ hide details ▲
ToTheSun! is offline  
Sponsored Links
Advertisement
 
post #4 of 28 (permalink) Old 03-03-2020, 07:47 AM
New to Overclock.net
 
criminal's Avatar
 
Join Date: Mar 2008
Location: Alabama
Posts: 10,765
Rep: 698 (Unique: 426)
So basically use good Internet Security software, use good internet security habits and don't let hackers, malicious or suspicious people use your computer.

I have a big bang house. I had all the materials for my new house brought in and dumped on a vacant lot. I took a stick of dynamite, lit the fuse on fire and tossed it into the pile of materials. BOOM went the explosion and when the dust settled I had a new house! Amazing isn't it?
Super P's Rig
(21 items)
Frac
(9 items)
CPU
Ryzen 7 3700X
Motherboard
MSI MPG X570 GAMING PRO CARBON
GPU
Gigabyte RTX 2070S
RAM
XPG Spectrix D41 3600MHz
Hard Drive
Samsung 850 EVO
Hard Drive
MyDigitalSSD SBX
Hard Drive
WD Black 500GB NVMe
Power Supply
EVGA SuperNOVA 850G2
Cooling
Bykski CPU-XPR-AM
Cooling
Phobya Balancer 150 Reservoir
Cooling
XSPC EX280 Radiator
Cooling
TC-A - CPU Liquid Cooling Pump
Cooling
XSPC EX360 Radiator
Case
Phanteks Pro M TG
Operating System
Windows 10
Monitor
MSI Optix AG32CQ
Keyboard
G710+
Mouse
G305
Mousepad
Vipamz Extended XXXL
Audio
Sennheiser HD 439
Audio
Asus U7
CPU
5960X
Motherboard
Asus X99
GPU
AsRock RX570
RAM
Corsair Vengeance 3000MHz
Hard Drive
Kingston SSDNOW V300
Power Supply
EVGA 500 W1
Cooling
CoolerMaster 120MM AIO
Case
Fractal Design Define S
Operating System
Windows 10 Pro
▲ hide details ▲
criminal is offline  
post #5 of 28 (permalink) Old 03-03-2020, 07:53 AM
Expert pin bender
 
dagget3450's Avatar
 
Join Date: Jul 2014
Posts: 2,012
Rep: 163 (Unique: 93)
This is a mistake, surely they must have meant AMD drivers here? This is a non issue for nvidia, Wait for WannaBeOCer to post links to publications on how Jensen uses his silicon power AI to travel into the future, and find exploits on drivers not even coded yet so they can be remedied before they are ever made.


It's coming....

GPU i currently own: 390x/FuryX/Vega FE/RX Vega 64/RX 580 - CPUs: 5960x/R7 1700/X5650x2/E5 2863/e5 2670/R5 3600
Radeon Vega Frontier Edition Owner
dagget3450 is offline  
post #6 of 28 (permalink) Old 03-03-2020, 08:32 AM
Overclocker
 
JackCY's Avatar
 
Join Date: Jun 2014
Posts: 10,586
Rep: 352 (Unique: 250)
What a damn clickbait. This should be on some server related topic not "gamer". A serious flaw I would call an instance when a driver makes the card catch fire.
JackCY is offline  
post #7 of 28 (permalink) Old 03-03-2020, 09:40 AM
New to Overclock.net
 
Schmuckley's Avatar
 
Join Date: Jul 2011
Location: FL
Posts: 14,913
Rep: 708 (Unique: 565)
Schmuckley is offline  
post #8 of 28 (permalink) Old 03-03-2020, 05:33 PM - Thread Starter
Overclocker
 
EastCoast's Avatar
 
Join Date: Feb 2010
Posts: 3,219
Rep: 145 (Unique: 97)
Quote: Originally Posted by Schmuckley View Post
Do not be afraid.




They've been patching things up for sometime now. However, I've always wondered at what point the drivers are "secure". I thought this was over back in October/November 2019. And I have to wonder what else they will inform the community by spring/summer 2020?

It does remind me of Intel's security patching.
EastCoast is offline  
post #9 of 28 (permalink) Old 03-03-2020, 05:49 PM
u broke 666 rep :(
 
skupples's Avatar
 
Join Date: Apr 2012
Location: Fort Lauderdale
Posts: 23,499
Rep: 681 (Unique: 361)
Quote: Originally Posted by Marios145 View Post
Seriously? Two of these require local access AND modifying/changing some dll or file...If you're a home user none of these matters much.
seriously.

NV sells GPUs to more than just home users now. They're driving the future of AI, nearly single handed, for the moment. Get their stock while its still relatively cheap. *(up 10x in 3 years)

agreed that it matters little for home users.

where's all the hate for borked drivers @?!

R.I.P. Zawarudo, may you OC angels' wings in heaven.
If something appears too good to be true, it probably is.
Best R0ach Quote of all time : TLDR: Haswell might be the last legit gaming platform unless mice get their own non-USB interface on some newer architecture.
KAIHL Switches < CHERRY Switches, 10/10, blind taste test @ work.
skupples is offline  
post #10 of 28 (permalink) Old 03-03-2020, 06:42 PM
New to Overclock.net
 
Join Date: Jun 2008
Location: Wilts, U.K.
Posts: 3,622
Rep: 457 (Unique: 389)
Quote: Originally Posted by skupples View Post
seriously.

NV sells GPUs to more than just home users now. They're driving the future of AI, nearly single handed, for the moment. Get their stock while its still relatively cheap. *(up 10x in 3 years)

agreed that it matters little for home users.

where's all the hate for borked drivers @?!
I've heard it's possible to train AI on Nvidia GPU's without creating a Geforce Experience account. I think they might be supplying different divers to this "game ready" GeForce crap that needs fixing every month.


Darren9 is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off