This issue is rated as critical due to the possibility of remote code execution and/or information disclosure. NVIDIA has released a driver update to address this issue. End users are advised to update their installations as soon as possible.
CVE-2018-3628 : A null-pointer dereference was discovered in the kernel mode layer (nvldumd32.dll) of the NVIDIA driver. A local attacker can exploit this issue to cause a system crash.
CVE-2018-3629 : A race condition was discovered in the kernel mode layer (nvldumd32.dll) of the NVIDIA driver. A local attacker can exploit this issue to cause a system crash.
CVE-2018-3630 : A race condition was discovered in the kernel mode layer (nvldumd32.dll) of the NVIDIA driver. A local attacker can exploit this issue to cause a system crash.
CVE-2018-3631 : A race condition was discovered in the kernel mode layer (nvldumd32.dll) of the NVIDIA driver. A local attacker can exploit this issue to cause a system crash.
CVE-2018-3632 : A race condition was discovered in the kernel mode layer (nvldumd32.dll) of the NVIDIA driver. A local attacker can exploit this issue to cause a system crash.
CVE-2018-3633 : A race condition was discovered in the kernel mode layer (nvldum
NVIDIA GPU Product Affected
NVIDIA GPU Device Management and Configuration Library (nvdmc)
NVIDIA GPU Device Management and Configuration Library (nvdmc) is a library that exposes the functionality of the NVIDIA Windows driver for use by third party applications. This library was introduced in NVIDIA Forceware 375.10 (July 10, 2018).
A vulnerability has been identified affecting nvdmc, which may allow a local attacker to disable the security protection on an affected system. The vulnerability could be exploited remotely without authentication by sending specially crafted messages to the target system's TCP port 7777, causing the target system to reboot.
This issue is rated as critical due to the possibility of remote code execution and/or information disclosure. NVIDIA has released a driver update to address this issue. End users are advised to update their installations as soon as possible.
NVIDIA GPU Device Firmware Updates
NVIDIA is aware of vulnerabilities which could potentially allow a malicious attacker with physical access to an NVIDIA GPU device and access to the system BIOS to gain root privileges, resulting in a denial-of-service condition.
Vulnerability #1 : NVIDIA GK104/GK106/GK208/GK210/GF100/GF110/GF114/GF117 Graphics Driver x86xx Driver Stack Buffer Overflow Vulnerability (CVE-2018-3634)
Timeline
Published on: 11/19/2022 00:15:00 UTC
Last modified on: 11/29/2022 15:43:00 UTC