Nvidia has addressed three vulnerabilities in its Windows drivers for GeForce, Quadro, and Tesla GPUs. By exploiting the vulnerabilities attackers can cause privilege escalation.
Nvidia has provided a brief explanation of the vulnerabilities in its latest security bulletin. The most serious vulnerability is CVE-2019-5675, which relates to a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the product does not properly synchronize shared data.
The vulnerabilities can be exploited for denial of service attacks, increase system rights, or obtain information from the machine.
Vulnerability CVE‑2019‑5676 is the result of the driver not loading DLL files correctly. Misuse of this vulnerability can also lead to an increase in rights on attacked systems. Less serious is CVE-2019-5677, which deals with potential misuse when reading from the memory buffer.
The vulnerabilities are addressed in the latest drivers available for GeForce, Quadro and Tesla GPU cards. These can be downloaded via GeForce Experience or via the download page.