|CERT-In Vulnerability Note
Multiple vulnerabilities in GPU Drivers and GeForce Experience(GFE) software
Original Issue Date:November 07, 2019
Severity Rating: HIGH
- NVIDIA Windows GPU display driver
- NVIDIA GeForce Experience (GFE ) software
Multiple vulnerabilities have been reported in NVIDIA Windows GPU display driver and GeForce Experience (GFE ) software which could allow a local attacker to execute arbitrary code, obtain sensitive information, obtain elevated privileges and cause denial of service (DoS) on the targeted system.
These vulnerabilities exist in NVIDIA Windows GPU Display Driver kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, NVIDIA Control Panel, NVIDIA Virtual GPU Manager and NVIDIA GeForce Experience software because of the error in validating the size of input buffer, de-referenced null pointer, usage of untrusted input when calculating or using an array index, accesses of a pointer that has not been initialized and improper validation of path or signature.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, obtain sensitive information, obtain elevated privileges and cause denial of services on the targeted system.
Apply appropriate updates as mentioned in
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003