Quote:

Several high-severity flaws in Nvidia’s GPU display drivers for Windows users could lead to code-execution, DoS and more.

Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view sensitive data, gain escalated privileges or launch denial-of-service (DoS) attacks in impacted Windows gaming devices.

Nvidia’s graphics driver (also known as the GPU Display Driver) for Windows is used in devices targeted to enthusiast gamers; it’s the software component that enables the device’s operating system and programs to use its high-level, gaming-optimized graphics hardware.

One of the vulnerabilities, CVE-2020-5962, exists in the Nvidia Control Panel component, which provides control of the graphics driver settings as well as other utilities installed on the system. The flaw could allow an attacker with local system access to corrupt a system file, which may lead to DoS or escalation of privileges, according to Nvidia’s Wednesday security advisory.

Another vulnerability (CVE‑2020‑5963) exists in the CUDA Driver, a computing platform and programming model invented by Nvidia. The issue stems from improper access control in the driver’s Inter Process Communication APIs. It could lead to lead to code execution, DoS or information disclosure.

The display driver also contains four medium-severity flaws, existing in the service host component (CVE‑2020‑5964), the DirectX 11 user mode driver (CVE‑2020‑5965), the the kernel mode layer (CVE‑2020‑5966) and the UVM driver (CVE‑2020‑5967).

Various drivers are affected for Windows and Linux users, including ones that use Nvidia’s GeForce, Quadro and Tesla software. A full list of affected – and updated – versions are below.