GeForce Driver Updates Contain Security Fixes

Subject: Graphics Cards | February 28, 2019 - 11:25 PM |
Tagged: nvidia, graphics drivers, security

Normally, when we discuss graphics drivers, there are a subset of users that like to stay on old versions. Some have older hardware and they believe that they will get limited benefits going forward. Others encounter a bug with a certain version and will refuse to update until it is patched.

In this case – you probably want to update regardless.

View Full Size

NVIDIA has found eight security vulnerabilities in their drivers, which have been corrected in their latest versions. One of them also affects Linux... more on that later.

On Windows, there are five supported branches:

  • Users of R418 for GeForce, Quadro, and NVS should install 419.17.
  • Users of R418 for Tesla should install 418.96.
  • Users of R400 for Quadro and NVS should install 412.29.
  • Users of R400 for Tesla should install 412.29.
  • Users of R390 for Quadro and NVS should install 392.37.

Basically, you should install 419.17 unless you are using professional hardware.

One issue is being likened to Meltdown and Spectre although it is not quite the same. In those cases, the exploit took advantage of hardware optimizations leak system memory. In the case of CVE-2018-6260, however, the attack uses NVIDIA’s performance counters to potentially leak graphics memory. The difference is that GPU performance counters are a developer tool, used by applications like NVIDIA Nsight, to provide diagnostics. Further, beyond targeting a developer tool that can be disabled, this attack also requires local access to the device.

Linux users are also vulnerable to this attack (but not the other seven):

  • Users of R418 for GeForce, Quadro, and NVS should install 418.43.
  • Users of R418 for Tesla should install 418.39.
  • Users of R400 for GeForce, Quadro, NVS, and Tesla should install 410.104.
  • Users of R390 for GeForce, Quadro, NVS, and Tesla should install 390.116.
  • Users of R384 for Tesla should install 384.183.

Whether on Windows or Linux, after installing the update, a hidden option will allow you to disable GPU performance counters unless admin credentials are provided. I don’t know why it’s set to the insecure variant by default… but the setting can be toggled in the NVIDIA Control Panel. On Windows it’s Desktop then Enable Developer Settings then Manage GPU Performance Counters under Developer then Restrict access to the GPU counters to admin users only. See the driver release notes (especially the "Driver Security" section) for more info.

View Full Size

The main thing to fix is the other seven, however. That just requires the driver update. You should have received a notification from GeForce Experience if you use it; otherwise, check out NVIDIA’s website.

Source: NVIDIA

Video News


March 1, 2019 | 08:33 AM - Posted by Vighnesh k chettiar (not verified)

I like to build pc

March 1, 2019 | 10:47 AM - Posted by Gezzerguybloke99 (not verified)

I like a, do, the cha cha

March 1, 2019 | 11:00 AM - Posted by 3astardo (not verified)

I like being built Pc and do the Cha Cha Cha

March 1, 2019 | 12:49 PM - Posted by CollosalCollapse (not verified)

i like the built pc and the dode cha cha boom chaka laka

March 1, 2019 | 02:56 PM - Posted by Jeremy Hellstrom

LMAO cha cha cha

March 1, 2019 | 04:19 PM - Posted by AnonymouslyYours (not verified)

OMFG WTF ROFLMFAO

March 3, 2019 | 06:13 AM - Posted by Anonski (not verified)

POOM POOM

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.