Nvidia patches eight security flaws in graphics products

From nakedsecurity.sophos.com

Chip maker Nvidia has released its first security update for 2019 (ID 4772), fixing eight CVE flaws in its Windows and Linux graphics display drivers. Users are advised to patch as soon as possible.

The company scores the flaws using the Common Vulnerability Scoring System (CVSS) v3, which shows five with a rating of 8.8, equating to ‘high’ severity rather than ‘critical’.

That’s because none can be exploited remotely and require local access, for example by executing malware on the target system.

Depending on the flaw, an exploit could lead to a denial of service state, code execution, information disclosure or, potentially worst of all, to an escalation of privileges in six of the vulnerabilities.

Affected products include the hugely popular GeForce, Quadro, and NVS, as well as the specialist Tesla graphics cards.

The full list in bulletin 4772 is: CVE-2019-5665, CVE-2019-5666, CVE-2019-5667, CVE-2019-5668, CVE-2019-5669, CVE-2019-5670, CVE-2019-5671, and CVE-2018-6260.

Read more…