NVIDIA Patches High Severity GeForce Experience Vulnerability

Discussion in 'other security issues & news' started by guest, Mar 26, 2019.

  1. guest

    guest Guest

    NVIDIA Patches High Severity GeForce Experience Vulnerability
    March 26, 2019
    https://www.bleepingcomputer.com/ne...gh-severity-geforce-experience-vulnerability/
     
  2. guest

    guest Guest

    Nvidia Fixes High-Severity Flaws in GeForce Experience for Gamers
    May 31, 2019
    https://threatpost.com/nvidia-fixes-high-severity-flaws-in-geforce-experience-for-gamers/145222/
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I really don't understand nVidia security advisories. Ver. 3.19 drivers date to early 2018. Also for older graphics cards like my GTS450, this is the latest driver available. So I guess, these current alerts are for new vulnerabilities found in pre-release 3.19 drivers.

    Interestingly, the latest Win 10 based driver that is auto downloaded via Win Updating is ver. 3.18. Go figure?
     
    Last edited: May 31, 2019
  4. guest

    guest Guest

    This is a security advisory for the Geforce Experience software (v3.19), not for the driver ;)
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Very true as I have a 2011 Dell XPS 17" Laptop with an NVIDIA 430 Mobile GPU and the last Driver I can get is: https://www.geforce.com/drivers/results/132841
    I will a reinstall on the same Driver and not install the nvidia Geforce experience and that's it.

    GeForce Game Ready Driver
    Version 391.35 - WHQL
    Release Date Tue Mar 27, 2018
    Operating System Windows 10 64-bit
    Language English (US)
    File Size 445.39 MB
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    In reference to these two driver vulnerabilities, nVidia's advisory does state that any GeForce R430 drivers prior to 430.34 are vulnerable. Therefore, this is not just a GeForce software issue. Although nVidia has not specifically stated so, drivers prior to R430 are also probably vulnerable but N/A since they are no longer supported. See the end of this posting for GeForce products no longer supported which includes my graphics card:
    https://nvidia.custhelp.com/app/answers/detail/a_id/4797

    A month or so ago, I started getting periodic "black screen of death" with my Win 10 x(64) 1809 build totally locking up. Even the case power button was non-functional. Had to manuallt cut power to the device, wait a while, and then power back up and all was fine. After a while, I noticed this always occured when browsing using IE11. Nothing in Control Panel - Reliability Monitor or Win Event logs showed anything. Recently I started using FireFox and it at least pointed me to the cause. At least with FireFox, the device doesn't black screen.

    Reliability Monitor always showns this:
    Win Event Log in the Warning section also has a Display log entry that syncs time-wise with the Hardware error and notes this:
    To me, it is just a bit too coincidental that the above always happens when browsing. However, I just applied some system and nVidia control panel "tweaks" to see if this stops this activity.

    It is also possible the graphics card is going bad. But I would expect this activity at other times than when just browsing.
    https://nvidia.custhelp.com/app/answers/detail/a_id/3473/session/L2F2LzEvdGltZS8xNTU5NDE2Nzk3L3NpZC9mVUp2bW5fMGt1OU9pbkExU0pZalpCJTdFano0bzdYM3I5dkhodlUlN0VZa0hNY3EyNkM2QVcxbzNqeHFZSHBLRDhBODU3OGRfQ1N3RHIxQzM0UUVnX3k2U0duNGpOSjBOUmM5aGNKTkVlRU1saWRydkk0ZSU3RXZjRTRndUElMjElMjE=
     
    Last edited: Jun 2, 2019
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Although no POC exists as far as CVE-2019-5675 goes, I believe it is fair to assume it is similar in nature to other DxgkDdiEscape vulnerabilities previously disclosed by Google's Project Zero:
    https://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driver.html
     
  9. guest

    guest Guest

    Despite Nvidia GeForce Experience security fix, experts say “uninstall”
    June 5, 2019
    https://www.trustedreviews.com/news/despite-nvidia-gfe-security-fix-experts-say-uninstall-3835123
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  11. guest

    guest Guest

    NVIDIA Patches High Severity Vulnerability in GeForce Experience
    December 23, 2019
    https://www.bleepingcomputer.com/ne...severity-vulnerability-in-geforce-experience/
    NVIDIA: Security Bulletin: NVIDIA GeForce Experience - December 2019
     
  12. guest

    guest Guest

    NVIDIA fixes code execution bug in GeForce Experience software
    CVSS V3 base score 6.5
    July 8, 2020

    https://www.bleepingcomputer.com/ne...execution-bug-in-geforce-experience-software/
    NVIDIA: Security Bulletin: NVIDIA GeForce Experience - July 2020
     
  13. guest

    guest Guest

    NVIDIA patches high severity GeForce Experience vulnerabilities
    October 22, 2020
    https://www.bleepingcomputer.com/ne...-severity-geforce-experience-vulnerabilities/
    NVIDIA: Security Bulletin: NVIDIA GeForce Experience - October 2020
     
  14. guest

    guest Guest

    NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
    June 28, 2021
    https://threatpost.com/nvidia-high-severity-geforce-spoof-bug/167345/
    NVIDIA: Security Bulletin: NVIDIA GeForce Experience - June 2021
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.