
Nvidia warns users to update GPU drivers as handful of vulnerabilities uncovered


November 12, 2019: Nvidia has released graphics driver package 441.20 with support for Star Wars Jedi: Fallen Order. We now recommend updating to these drivers over 441.12 for the latest security updates.

Nvidia has published a security bulletin for all Nvidia GPU display drivers up to, but not including, the latest release (441.12). Within the bulletin the GPU company reports various vulnerabilities including those with the potential for denial of service or escalation of privilege attacks. Fear not, these holes are easily patched – simply update your drivers.

The Nvidia security bulletin for November 2019 outlines nine weaknesses of varying degrees of severity present in Nvidia’s outdated drivers – the most severe rated at 7.8 on the CVSS V3 standard. All are limited to local vectors alone, so their risk will vary depending on your system setup and access. However, no matter the realistic risk to your system you ought to get mitigating quick.

Any system running a GeForce graphics card can be updated immediately, and many of you may have already done so (go you). There are also driver fixes available for most up-to-date Quadro systems running any R440 version. Previous versions of Quadro and Tesla cards will have a fix come week commencing November 18, 2019. Some hardware vendors are also rolling out the security updates within older driver packages.

Two of the vulnerabilities were reported by Peleg Hadar of SafeBreach Labs: CVE-2019-5694 and CVE-2019-5695.

| CVE | Description | Base Score | Vector |
| --- | --- | --- | --- |
| CVE-2019-5690 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2019-5691 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2019-5692 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape | 7.1 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| CVE-2019-5693 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) | 6.5 | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
| CVE-2019-5694 | NVIDIA Windows GPU Display Driver contains a vulnerability in NVIDIA Control Panel | 6.5 | AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
| CVE-2019-5695 | NVIDIA Windows GPU Display Driver contains a vulnerability | 6.5 | AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
| CVE-2019-5696 | NVIDIA Virtual GPU Manager contains a vulnerability | 5.5 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| CVE-2019-5697 | NVIDIA Virtual GPU Manager contains a vulnerability | 5.3 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2019-5698 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin | 5.1 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H |

If you haven’t updated your drivers already, Nvidia driver version 441.12 introduces optimisations and bug fixes for Red Dead Redemption 2 (which you’ll want for the best chance at a bug-free RDR2 experience) and additional G-Sync support, including for LG’s 4K OLEDs.

You can download the official driver package for your graphics card from the Nvidia driver page here.
