Code Execution Flaws in NVIDIA GPU Drivers is Patched


NVIDIA issued patches this week for a dozen bugs in GPU display drivers and vGPU applications, including some problems that could lead to code execution.

CVE‐2020‐5962, which was discovered in the NVIDIA GPU display driver, and CVE‐2020‐5963, which exists in the CUDA driver, are among the most serious bugs affecting the GPU drivers. All bear a 7.8 CVSS grade.

The first of the problems discovered in the GPU driver’s Control Panel component could allow a local attacker to increase privileges or trigger a denial of service ( DoS) condition. The second bug was found in the Inter Process Communication APIs, and could result in code execution, DoS, or disclosure of information.

The GPU maker addressed four other vulnerabilities in the GPU display driver this week, including one in the host component of the service (CVE‐2020‐5964), which could lead to code executions. The security flaw exists because it may be missing the integrity check of applications resources.

The remaining three bugs, all with a CVSS score of 5.5, could lead to denial of service: CVE‐2020‐5965 resides in the DirectX 11 user mode driver, CVE‐2020‐5966 affects the DxgkDdiEscape kernel mode layer (nvlddmkm.sys) handler, while CVE‐2020‐5967 has been found in the UVM driver.

CVE‐2020‐5965, explained by Talos’ security researchers, may be triggered by a pixel shader designed to cause an out-of-bound access. The researchers say this flaw is more serious than the claims of NVIDIA, and has a CVSS score of 8.5.

“Supplying a malformed pixel shader (inside VMware Guest OS) may cause this vulnerability. Such an attack can be triggered from VMware guest usermode to cause denial of service attack due to null pointer dereference on the host vmware-vmx.exe file, or potentially through WEBGL (remote website),’ says Talos.

Four other vulnerabilities with a CVSS score of 7.8 were found in the NVIDIA Virtual GPU Manager vGPU plugin and are triggered by incorrect resource boundary restriction (CVE‐2020‐5968), race condition (CVE‐2020‐5969), lack of input data size validation (CVE‐2020‐5970), or memory location reference after the targeted buffer (CVE‐2020‐5971);

Successful exploitation of these vulnerabilities, NVIDIA explains in an advisory, could enable attackers to execute code, trigger a DoS condition, escalate privileges or leak data.

There is a fifth vulnerability discussed this week in the vGPU plugin (CVE‐2020‐5972), since local pointer variables are not initialized and could be published later. A sixth problem such as this (CVE‐2020‐5973) is due to the opportunity for carrying out privileged operations. Both of these issues may lead to conditions for DoS.

The vulnerabilities discussed affect several versions of the Windows and Linux drivers GeForce, Quadro, NVS, and Tesla, as well as different iterations of vGPU software for Windows , Linux, Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux with KVM, and Nutanix AHV.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.