NVIDIA issued a security update to fix three high and medium severity security issues in the NVIDIA GPU Display Driver that could lead to code execution, denial of service, escalation of privileges, or information disclosure on vulnerable Windows machines.
Even though to abuse the patched flaws would-be attackers require local user access, they could also exploit them by remotely dropping malicious tools through various other means on computers running an unpatched NVIDIA GPU Display Driver version.
NVIDIA advises all users to update their drivers as soon as possible by applying the security update available on the
NVIDIA Driver Downloads page.
Security issue with high severity ratings
The fixed issues are tracked as
CVE‑2019‑5675,
CVE‑2019‑5676, and
CVE‑2019‑5677 and come with base scores ranging from 5.6 to 7.7, with NVIDIA's risk assessment being based on the
CVSS V3 standards.
By exploiting the issues that lead to information disclosure attackers can collect valuable information about computers running an outdated version of NVIDIA GPU Display Driver.
The flaws that lead to a denial of service state, could allow potential attackers to render vulnerable computers temporarily unusable, while, by abusing unpatched code execution vulnerabilities they can run commands or code on compromised machines.
Additionally, escalation of privileges flaws in the NVIDIA GPU Display Driver make it possible to elevate user privileges, gaining permissions beyond the ones initially granted by the system.
The software issues patched by NVIDIA in their May 2019 security update are listed below, together with full descriptions and the CVSS V3 Base Score assigned to each of them.