NVIDIA has issued a warning that its previous drivers have serious security issues. The bugs found in the software allow denial of service attacks, which allow attackers to gain administrative privileges, compromising the security of the entire system. Issues affect GeForce GTX, GeForce RTX, Quadro and Tesla series professional graphics cards. The necessary patches have already been released for almost all hardware options, however, those users who do not rely on automatic driver updates through GeForce Experience should install the fixed versions themselves.
According to a security bulletin released by NVIDIA over the holidays, the issue is with one of the core driver core components (nvlddmkm.sys). The software errors made in it with the synchronization of data shared between the driver and system processes open up the possibility for a variety of malicious attacks. Dangerous bugs have long been leaked into the NVIDIA code and are present in driver versions for GeForce video cards with number 430, as well as in drivers for professional Quadro and Tesla cards with numbers 390, 400, 418 and 430.
In addition, another critical error was found in the driver installer. According to the bulletin, the program incorrectly loads Windows system libraries without checking their location or signature. This opens up the possibility for attackers to spoof DLL files that are loaded at a high priority level.
These vulnerabilities are very serious, so all users of NVIDIA graphics cards are strongly advised to update the drivers installed on the system to the corrected versions. For GeForce GTX and GeForce RTX family cards, the safe driver version for them is 430.64 (or later). For cards of the Quadro family, the corrected versions are numbered 430.64 and 425.51, and for products of the Tesla family, they are number 425.25. For older professional graphics cards that cannot be updated to the specified versions, fixes should follow within the next two weeks.
Source: 3dnews.ru