Sunday, April 11, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Nvidia squashes display driver code execution, information leak bugs

June 27, 2020
in Internet Security
Nvidia squashes display driver code execution, information leak bugs
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Nvidia has released a set of security updates to remove vulnerabilities in the Nvidia GPU Display Driver.

This week, the tech giant published a security advisory for a total of six bugs in the driver, varying in severity with CVSS scores of between 5.5 and 7.8 and impacting both Windows and Linux machines. 

You might also like

Washington State educational organizations targeted in cryptojacking spree

Critical Zoom vulnerability triggers remote code execution without user input

Nation-state cyber attacks targeting businesses are on the rise

The first vulnerability, CVE‑2020‑5962, is found in the Nvidia Control Panel component of the driver, in which a local attacker can corrupt system files, leading to denial of service or privilege escalation.

See also: AI chips in 2020: Nvidia and the challengers

CVE‑2020‑5963 is the second bug at hand, found in the CUDA Driver’s Inter Process Communication APIs. The improper access security flaw can be exploited for code execution, denial of service, or information leaks. 

The third issue, now resolved, is CVE‑2020‑5964: an error in the service host component of the display driver can lead to resource integrity checks being skipped, thereby resulting in potential code execution, service denial, or information disclosure attacks. 

CVE‑2020‑5965 has also been patched. The problem occurs in the display driver’s DirectX 11 user mode driver, in which a “specially crafted shader can cause an out of bounds access, leading to denial of service,” according to Nvidia. 

The company has taken the opportunity to also resolve CVE‑2020‑5966, a vulnerability in the kernel mode layer of the Windows-based GPU display driver, in which the dereference of a Null pointer could be weaponized for privilege escalation or denial of service. 

The final bug, CVE‑2020‑5967, was found in the Linux version of the driver’s UVM service, in which a race condition error could lead to denial of service. 

The vulnerabilities addressed in the security update impact GeForce, Quadro, NVS, and Tesla GPUs on Windows and Linux machines.

CNET: Safari 14 will let you log in to websites with your face or finger

A separate set of six security flaws (CVE‑2020‑5968, CVE‑2020‑5969, CVE‑2020‑5970, CVE‑2020‑5971, CVE‑2020‑5972, and CVE‑2020‑5973) has also been patched in the Nvidia Virtual GPU Manager software’s vGPU plugin. 

Among the bugs are boundary restriction errors, resource validation problems, and buffer flaws that can be abused to conduct code execution, service tampering, privilege escalation, and cause denial of service. 

These vulnerabilities impact Windows and Linux vGPU guest driver software, alongside Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux with KVM, and Nutanix AHV.

TechRepublic: Expiring security certificates may start shutting down IoT devices

Nvidia thanked researchers from Cisco Talos, CyberArk Labs, Secure D Center, as well as independent cybersecurity professionals Sittikorn Sangrattanapitak and Thomas Carroll, for reporting several of the vulnerabilities. 

As always, it is recommended that users accept automatic updates to mitigate the risk of exploit. Patches have been made available for each display driver bug, with the exception of Tesla R450, which will be released next week. vGPU software fixes are available for versions 8.0 to 9.3, whereas patches for the latest software release — 10.0 – 10.2 — will be made available on the week of July 6. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Credit: Zdnet

Previous Post

Machine learning model finds SARS-CoV-2 growing more infectious | MSUToday

Next Post

A Look at Deepfakes in 2020

Related Posts

Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Critical Zoom vulnerability triggers remote code execution without user input
Internet Security

Critical Zoom vulnerability triggers remote code execution without user input

April 10, 2021
Nation-state cyber attacks targeting businesses are on the rise
Internet Security

Nation-state cyber attacks targeting businesses are on the rise

April 10, 2021
These are the terrible passwords that people are still using. Here’s how to do better
Internet Security

These are the terrible passwords that people are still using. Here’s how to do better

April 9, 2021
Why do phishing attacks work? Blame the humans, not the technology
Internet Security

Why do phishing attacks work? Blame the humans, not the technology

April 9, 2021
Next Post
A Look at Deepfakes in 2020

A Look at Deepfakes in 2020

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Can a Machine Learning Model Predict T2D?
Machine Learning

Can a Machine Learning Model Predict T2D?

April 11, 2021
Leveraging SAP’s Enterprise Data Management tools to enable ML/AI success
Data Science

Leveraging SAP’s Enterprise Data Management tools to enable ML/AI success

April 11, 2021
Machine Learning in Finance Market is exclusively demanding in forecast 2029 | Ignite Ltd, Yodlee, Trill A.I., MindTitan, Accenture, ZestFinance – KSU
Machine Learning

Machine Learning in Finance Market is exclusively demanding in forecast 2029 | Ignite Ltd, Yodlee, Trill A.I., MindTitan, Accenture, ZestFinance – KSU

April 10, 2021
Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison
Data Science

Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison

April 10, 2021
IBM releases Qiskit modules that use quantum computers to improve machine learning
Machine Learning

IBM releases Qiskit modules that use quantum computers to improve machine learning

April 10, 2021
Hackers Tampered With APKPure Store to Distribute Malware Apps
Internet Privacy

Hackers Tampered With APKPure Store to Distribute Malware Apps

April 10, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Can a Machine Learning Model Predict T2D? April 11, 2021
  • Leveraging SAP’s Enterprise Data Management tools to enable ML/AI success April 11, 2021
  • Machine Learning in Finance Market is exclusively demanding in forecast 2029 | Ignite Ltd, Yodlee, Trill A.I., MindTitan, Accenture, ZestFinance – KSU April 10, 2021
  • Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison April 10, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates