Nvidia, the leading producer of graphic processing unit, has released a security update on February 28, 2020. The security update addresses vulnerabilities present in GPU display driver, vGPU Manager and vGPU graphics driver. These security flaws are categorized as medium to high severity. A potential attacker can perform code execution, local escalation of privileges, exposure of information, and Denial of Service attacks on Windows platform[1].
Insights
The security issues reported in the GPU display driver can be attacked only if the attacker has access to the machine. The attacker would have to hijack a compromised Windows machine and then exploit the flaws in the GPU display driver. An attacker can exploit the flaws in vGPU Manager and vGPU graphics driver and perform Denial of Service attack. This DoS attack is caused due to null pointer dereferencing occuring in the kernel module of Nvidia vGPU Manager. This will lead to the system being unusable for day-to-day business. The attacker can take over a compromised system and perform code execution and can capture crucial information. This can cause a major impact on Nvidia’s business. Nvidia has alerted its clients and customers to immediately patch their GeForce, Quadro, NVS, and Tesla Widows display drivers[1]. The patches are available on the Nvidia Driver Downloads page.
Conclusion
The security flaws addressed by Nvidia clearly affect the CIA Triad. An attacker can cause crucial information disclosure; compromising Confidentiality. Code execution and escalation of privileges can compromise Integrity of the Systems. Availability is compromised when a potential attacker performs Denial of Service attacks. Nvidia has taken good steps to make sure their clients and customers patch their systems as soon as possible.
References