Security Bulletin: NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

Answer ID 4649
Updated 04/16/2018 04:58 PM

NVIDIA GPU display driver vulnerabilities may lead to code execution, denial of service, information disclosure, or escalation of privileges.

Go to NVIDIA Product Security.


Vulnerability Details

This section summarizes the potential vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS.

CVE-2018-6247

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2018-6248

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer but uses an incorrect length value, causing it to access memory outside the bounds of the buffer, which may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2018-6249

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.

CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2018-6250

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs, which may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 8.2
CVSS Temporal Score: 7.1
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

CVE-2018-6251

NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of service or potential code execution.

CVSS Base Score: 7.0
CVSS Temporal Score: 6.3
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2018-6252

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary for production usage, and which may result in denial of service.

CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

CVE-2018-6253

NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.

CVSS Base Score: 5.5
CVSS Temporal Score: 5.0
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration. NVIDIA doesn’t know of any exploits of these issues at this time.

Affected Software

The following software is impacted by the issues described in this bulletin.

| CVEs | Software Products | Operating Systems |
|---|---|---|
| CVE-2018-6247, CVE-2018-6248, CVE-2018-6249, CVE-2018-6250, CVE-2018-6251, CVE-2018-6252 | GeForce, Quadro, NVS, Tesla | Windows |
| CVE-2018-6249, CVE-2018-6253 | GeForce, Quadro, NVS, Tesla | Windows, Linux, FreeBSD, Solaris |

Software Security Updates

The following supported software versions contain the security updates for the issues described in this bulletin. If you are using an unsupported software version or an earlier driver branch that is no longer supported, upgrade to one of the updated supported versions listed.

Windows

| Product | Product Series | OS | Driver Branch | Updated Versions |
|---|---|---|---|---|
| GeForce | All | Windows | R390 | 391.35 including HD Audio 1.3.36.6 |
| Quadro, NVS | All | Windows | R390 | 391.33 including HD Audio 1.3.36.6 |
| Quadro, NVS | All | Windows | R384 | 386.28 including HD Audio 1.3.36.6 |
| Tesla | All | Windows | R390 | 391.29 including HD Audio 1.3.36.6 |
| Tesla | All | Windows | R384 | 386.28 including HD Audio 1.3.36.6 |

Linux

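| Product | Product Series | OS | Driver Branch | Updated Versions |
|---|---|---|---|---|
| GeForce | All | Linux, FreeBSD, Solaris | R390 | 390.48 |
| GeForce | All | Linux, FreeBSD, Solaris | R384 | 384.130 |
| Quadro, NVS | All | Linux, FreeBSD, Solaris | R390 | 390.48 |
| Quadro, NVS | All | Linux, FreeBSD, Solaris | R384 | 384.130 |
| Tesla | All | Linux | R390 | 390.46 |
| Tesla | All | Linux | R384 | 384.125 |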

Notes

Download GPU fixes from the NVIDIA Driver Downloads page.

If you are an Enterprise Services customer using DGX-1 or DGX Station, visit the NVIDIA Support Enterprise Services portal for guidance.

If your computer hardware vendor provides you with a driver version that is not listed above, contact the vendor to determine if it contains these security fixes.

Mitigations

None.

Acknowledgements

CVE-2018-6251: NVIDIA thanks Piotr Bania of Cisco Talos for reporting this issue to NVIDIA PSIRT.

CVE-2018-6253: NVIDIA thanks the member of Cisco Talos for reporting this issue to NVIDIA PSIRT.

Get the Most Up to Date Product Security Information

To learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT), to see the current list of NVIDIA security bulletins, or to subscribe to security bulletin notifications, go to NVIDIA Product Security.

Revision History

| Revision | Date | Description |
|---|---|---|
| 2.0 | April 16, 2018 | Added a note about driver versions not listed in this bulletin provided by hardware vendors |
| 1.0 | March 28, 2018 | Initial release |

Frequently Asked Questions (FAQs)

How do I know what driver version I have installed?

  1. Launch Windows Device Manager.
  2. Select Display Adapters.
  3. Select the NVIDIA GPU node and right-click.
  4. Go to the Driver tab.

The driver version can be deciphered as shown in the following examples: 10.18.13.6472 is 364.72 and 10.18.13.472 is 304.72
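The decoding shown in the two examples above, combined with the Updated Versions tables, as an added example for auditing an inventory (not NVIDIA's code). The decoding rule is inferred from the two examples; the `FIXED` keys, the function names and the sample inventory are constructed here, and the check assumes that a later release in the same branch also carries the fixes.

```python
import re

# First fixed driver per (platform, product, branch), copied from the bulletin's
# "Software Security Updates" tables. "unix" = the Linux/FreeBSD/Solaris rows.
FIXED = {
    ("windows", "geforce", "R390"): "391.35",
    ("windows", "quadro-nvs", "R390"): "391.33",
    ("windows", "quadro-nvs", "R384"): "386.28",
    ("windows", "tesla", "R390"): "391.29",
    ("windows", "tesla", "R384"): "386.28",
    ("unix", "geforce", "R390"): "390.48",
    ("unix", "geforce", "R384"): "384.130",
    ("unix", "quadro-nvs", "R390"): "390.48",
    ("unix", "quadro-nvs", "R384"): "384.130",
    ("unix", "tesla", "R390"): "390.46",
    ("unix", "tesla", "R384"): "384.125",
}

def decode_windows_version(file_version):
    """Map a Device Manager version (a.b.c.d) to the NVIDIA release number.

    Inferred rule: last digit of c, then d zero-padded to 4 digits, read as XXX.YY.
    """
    m = re.fullmatch(r"\d+\.\d+\.(\d+)\.(\d{1,4})", file_version.strip())
    if not m:
        raise ValueError(f"not a Windows driver version: {file_version!r}")
    digits = m.group(1)[-1] + m.group(2).zfill(4)
    return f"{int(digits[:3])}.{digits[3:]}"

def as_tuple(release):
    """'384.130' -> (384, 130): fields compare as integers, not as a decimal."""
    return tuple(int(part) for part in release.split("."))

def status(platform, product, branch, release):
    """Return 'patched', 'update-needed', or 'unsupported-branch'."""
    fixed = FIXED.get((platform, product, branch))
    if fixed is None:
        return "unsupported-branch"
    return "patched" if as_tuple(release) >= as_tuple(fixed) else "update-needed"

if __name__ == "__main__":
    # Constructed sample inventory, not taken from the bulletin.
    for plat, prod, branch, raw in [("windows", "geforce", "R390", "23.21.13.9135"),
                                    ("windows", "geforce", "R390", "23.21.13.9101"),
                                    ("unix", "tesla", "R384", "384.90")]:
        rel = decode_windows_version(raw) if plat == "windows" else raw
        print(plat, prod, branch, rel, status(plat, prod, branch, rel))
```

Comparing the release as a decimal number would rank 384.90 above 384.125 and report an unpatched Tesla host as fixed, which is why the fields are compared as integers.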

Disclaimer

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information furnished is believed to be accurate and reliable. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.
