Keeping our hardware drivers up to date is essential for a good user experience, and also for keeping our system protected. Older versions may turn out to have vulnerabilities that, as in the case of NVIDIA and its graphics drivers, can completely compromise the security of our PC.
The company run by Jen-Hsun Huang has raised the alarm after discovering a total of five vulnerabilities in the drivers used by NVIDIA GeForce, Quadro, and Tesla graphics cards. The severity of these vulnerabilities is uneven: some sit at a level that we could consider "mild", but others allow attacks and remote code execution, so their importance is beyond doubt.
If you have a PC equipped with an NVIDIA graphics card and you use drivers prior to 431.60 (GeForce graphics cards), update, as it is the only way to free your PC from those five vulnerabilities. For systems with Quadro and Tesla graphics cards, the green giant has confirmed that it will release an update between mid and late August, as we can see in the attached image. The problem only affects Windows; the drivers for Linux are free of these vulnerabilities.
The company's breakdown of the vulnerabilities is as follows:
- CVE-2019-5683: the most dangerous vulnerability of all. It relies on a bug in the driver trace logger, which lets links be created that the software does not verify. Thanks to this, an attacker could create links without being detected by the system and achieve local code execution, denial of service, and escalation of privileges. It has a rating of 8.8 on the CVSS v3 scale.
- CVE-2019-5684: this vulnerability uses carefully crafted shaders to cause an out-of-bounds access on the texture array input, which could result in a denial of service or code execution. It is less serious than the previous one but still has a high score, 7.8.
- CVE-2019-5685: this one also uses specific shaders, in this case to cause an out-of-bounds access on the shader array input. Its consequences and score are the same as in the previous case, 7.8.
- CVE-2019-5686: a vulnerability hidden in the kernel-mode layer handler for DxgkDdiEscape, which uses data structures and functions of the DirectX API that are not always valid. This can end up causing a denial of service if the function or data structure used is incorrect. It is less serious, with a score of 5.6.
- CVE-2019-5687: the least dangerous of all. It is similar to the previous one, since it is also associated with DxgkDdiEscape, and can put the system at risk if incorrect default permissions are used for an object, resulting in an information leak or denial of service. It has a score of 5.2.
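To check machines against the 431.60 threshold mentioned above, the following added example (not NVIDIA's code and not part of the original article) converts the four-field driver version that Windows reports for an NVIDIA adapter into NVIDIA's release number and flags GeForce drivers older than 431.60. The conversion rule is an assumption based on NVIDIA's usual Windows version numbering, the function names are hypothetical, and the inventory rows are constructed samples.

```python
# Added example: flag Windows GeForce drivers older than the fixed 431.60 release.
FIXED_GEFORCE = (431, 60)  # first fixed GeForce driver named in the article


def nvidia_release(windows_version):
    """Convert a Windows DriverVersion like '26.21.14.3160' to (431, 60).

    Assumption: NVIDIA's usual Windows numbering, in which the release is the
    last five digits of the third and fourth fields joined together.
    """
    fields = windows_version.strip().split(".")
    if len(fields) != 4 or not all(f.isdigit() for f in fields):
        raise ValueError(f"unexpected driver version: {windows_version!r}")
    digits = (fields[2] + fields[3].zfill(4))[-5:]
    return int(digits[:3]), int(digits[3:])


def audit(adapters):
    """Return (name, release, status) for each (name, DriverVersion) pair."""
    report = []
    for name, version in adapters:
        try:
            major, minor = nvidia_release(version)
        except ValueError:
            report.append((name, version, "unparsed"))
            continue
        release = f"{major}.{minor:02d}"
        if "geforce" not in name.lower():
            # The article gives no fixed version for Quadro/Tesla yet.
            status = "no fixed version listed"
        elif (major, minor) < FIXED_GEFORCE:
            status = "vulnerable: update"
        else:
            status = "fixed"
        report.append((name, release, status))
    return report


# Constructed inventory (adapter name, Windows DriverVersion), not real hosts.
SAMPLE = [
    ("NVIDIA GeForce GTX 1060", "26.21.14.3160"),
    ("NVIDIA GeForce GTX 970", "25.21.14.1967"),
    ("NVIDIA Quadro P2000", "26.21.14.3102"),
    ("NVIDIA GeForce GT 710", "n/a"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep=" | ")
```

The input is expected to contain NVIDIA adapters only; the version string is the one shown as the driver version in Device Manager or in the `DriverVersion` property of `Win32_VideoController`.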
How to update your NVIDIA graphics card drivers
We already know the vulnerabilities, we have an idea of their effects, and we know that to fix them we have to update the drivers of our graphics card, but where should we do it?
If you are asking yourself that question, the process is very simple. As always, we recommend that you avoid downloading drivers through third parties and that you always use the official website of the manufacturer, in this case the official NVIDIA website.
Once on that page, we just have to select our graphics card model, the operating system, the type of driver we want, and the language. We run the search and a result will appear with the option "download now", as we see in the image. We click to download the installer and that's it: we just have to run it and follow the guided process.