NVIDIA Patches High Severity GeForce Experience Vulnerability March 26, 2019 https://www.bleepingcomputer.com/ne...gh-severity-geforce-experience-vulnerability/
Nvidia Fixes High-Severity Flaws in GeForce Experience for Gamers May 31, 2019 https://threatpost.com/nvidia-fixes-high-severity-flaws-in-geforce-experience-for-gamers/145222/
I really don't understand nVidia security advisories. Ver. 3.19 drivers date to early 2018. Also for older graphics cards like my GTS450, this is the latest driver available. So I guess, these current alerts are for new vulnerabilities found in pre-release 3.19 drivers. Interestingly, the latest Win 10 based driver that is auto downloaded via Win Updating is ver. 3.18. Go figure?
Well this one is for nVidia drivers: https://www.bleepingcomputer.com/ne...gh-severity-windows-gpu-display-driver-flaws/ and states anything prior to ver. 430 is vulnerable. Appears NVidia is no longer offering driver updates for their older graphics cards.
Very true as I have a 2011 Dell XPS 17" Laptop with an NVIDIA 430 Mobile GPU and the last Driver I can get is: https://www.geforce.com/drivers/results/132841 I will a reinstall on the same Driver and not install the nvidia Geforce experience and that's it. GeForce Game Ready Driver Version 391.35 - WHQL Release Date Tue Mar 27, 2018 Operating System Windows 10 64-bit Language English (US) File Size 445.39 MB
In reference to these two driver vulnerabilities, nVidia's advisory does state that any GeForce R430 drivers prior to 430.34 are vulnerable. Therefore, this is not just a GeForce software issue. Although nVidia has not specifically stated so, drivers prior to R430 are also probably vulnerable but N/A since they are no longer supported. See the end of this posting for GeForce products no longer supported which includes my graphics card: https://nvidia.custhelp.com/app/answers/detail/a_id/4797 A month or so ago, I started getting periodic "black screen of death" with my Win 10 x(64) 1809 build totally locking up. Even the case power button was non-functional. Had to manuallt cut power to the device, wait a while, and then power back up and all was fine. After a while, I noticed this always occured when browsing using IE11. Nothing in Control Panel - Reliability Monitor or Win Event logs showed anything. Recently I started using FireFox and it at least pointed me to the cause. At least with FireFox, the device doesn't black screen. Reliability Monitor always showns this: Win Event Log in the Warning section also has a Display log entry that syncs time-wise with the Hardware error and notes this: To me, it is just a bit too coincidental that the above always happens when browsing. However, I just applied some system and nVidia control panel "tweaks" to see if this stops this activity. It is also possible the graphics card is going bad. But I would expect this activity at other times than when just browsing. https://nvidia.custhelp.com/app/answers/detail/a_id/3473/session/L2F2LzEvdGltZS8xNTU5NDE2Nzk3L3NpZC9mVUp2bW5fMGt1OU9pbkExU0pZalpCJTdFano0bzdYM3I5dkhodlUlN0VZa0hNY3EyNkM2QVcxbzNqeHFZSHBLRDhBODU3OGRfQ1N3RHIxQzM0UUVnX3k2U0duNGpOSjBOUmM5aGNKTkVlRU1saWRydkk0ZSU3RXZjRTRndUElMjElMjE=
Although no POC exists as far as CVE-2019-5675 goes, I believe it is fair to assume it is similar in nature to other DxgkDdiEscape vulnerabilities previously disclosed by Google's Project Zero: https://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driver.html
Despite Nvidia GeForce Experience security fix, experts say “uninstall” June 5, 2019 https://www.trustedreviews.com/news/despite-nvidia-gfe-security-fix-experts-say-uninstall-3835123
NVIDIA Patches High Severity Vulnerability in GeForce Experience December 23, 2019 https://www.bleepingcomputer.com/ne...severity-vulnerability-in-geforce-experience/ NVIDIA: Security Bulletin: NVIDIA GeForce Experience - December 2019
NVIDIA fixes code execution bug in GeForce Experience software CVSS V3 base score 6.5 July 8, 2020 https://www.bleepingcomputer.com/ne...execution-bug-in-geforce-experience-software/ NVIDIA: Security Bulletin: NVIDIA GeForce Experience - July 2020
NVIDIA patches high severity GeForce Experience vulnerabilities October 22, 2020 https://www.bleepingcomputer.com/ne...-severity-geforce-experience-vulnerabilities/ NVIDIA: Security Bulletin: NVIDIA GeForce Experience - October 2020
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug June 28, 2021 https://threatpost.com/nvidia-high-severity-geforce-spoof-bug/167345/ NVIDIA: Security Bulletin: NVIDIA GeForce Experience - June 2021