itman

Does Eset Protect against Nvidia Driver Vulnerability Exploits?

For reference:

Quote

CVE‑2019‑5675 - NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.

CVE‑2019‑5677 - NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service.

I am posting this since I assume many Eset users are using older Nvidia chipset graphics cards. Nvidia pretty much treats older cards as legacy. As such, they are no longer offering driver updates for these cards; even for critical security vulnerabilities such as noted previously. For example, the last available driver for my card is R390 dated Mar., 2018. This vulnerability affects all drivers prior to R430.

Since these are device driver vulnerabilities, I realize there is only so much Eset can do protection-wise against kernel mode vulnerabilities. If it can't protect against these, I guess it's time to purchase a new graphics card.

I believe Nvidia should release security updates for their cards, but I don't know how they work it out.

But I do also believe that ESET should protect against these exploits.

I was unable to find information if there's actual malware or at least PoC targeting the vulnerability and exploiting it for malicious purposes.

1 hour ago, Marcos said:

I was unable to find information if there's actual malware or at least PoC targeting the vulnerability and exploiting it for malicious purposes.

Suspect the POC wasn't publicly disclosed. In any case, a CVE would not have been issued unless there was supporting data.

As far as I am aware, there hasn't been any public disclosure of any exploitation.

The main issue is both of these vulnerabilities only need low privilege status to exploit.

Quote

CVSS v3.0 Severity and Metrics:

Base Score: 7.8 HIGH
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

https://nvd.nist.gov/vuln/detail/CVE-2019-5675

Quote

CVSS v3.0 Severity and Metrics:

Base Score: 5.5 MEDIUM
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

https://nvd.nist.gov/vuln/detail/CVE-2019-5677


As far as CVE-2019-5675 goes, I believe it is fair to assume it is similar in nature to other DxgkDdiEscape vulnerabilities previously disclosed by Google's Project Zero:

Quote

DxgkDdiEscape

A well known entry point for potential vulnerabilities here is the DxgkDdiEscape interface. This can be called straight from user mode, and accepts arbitrary data that is parsed and handled in a vendor specific way (essentially an IOCTL). For the rest of this post, we’ll use the term “escape” to denote a particular command that’s supported by the DxgkDdiEscape function.

NVIDIA has a whopping 400~ escapes here at time of writing, so this was where I spent most of my time (the necessity of many of these being in the kernel is questionable):

https://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driver.html
