Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver

erek

[H]F Junkie
Joined
Dec 19, 2005
Messages
10,785
Oh no! :( Nvidia also caught in the act of piss-poor security habits like Intel !!! :(

"It’s only the latest Nvidia security patch impacting its gaming-enthusiast customer base. Nvidia last year issued fixes for high-severity flaws in two popular gaming products, including its graphics driver for Windows and GeForce Experience. The flaws could be exploited to launch an array of malicious attacks – from DoS to escalation of privileges. Also in 2019, Nvidia patched another high-severity vulnerability in its GeForce Experience software, which could lead to code-execution or DoS of products, if exploited. "

https://threatpost.com/gamer-alert-serious-nvidia-flaw-plagues-graphics-driver/153380/
 
Last edited by a moderator:
According to Nvidia in its security advisory, published Friday, an attacker with local system access can corrupt a system file in the control panel, which would lead to DoS or escalation of privileges.

Well if a hacker has "local system access" on your machine, you're already screwed. I mean, yeah, they can do worse stuff with the privilege escalation but they would have to be inside in the first place.
 
Last edited:
all the people that wont cut amd any slack better be in here not cutting nvidia slack...

Eh, that will not happen but, no biggie. :) How will Nvidia patch this without it being automatically updated?
 
Data Centers primarily run Intel & nVidia hardware, there is an economic incentive for people to study that hardware & drivers for any flaw or exploit no matter how minor or difficult execute outside a lab. Should world progress in a way where AMD were in the dominant position instead I am sure there would be an equal focus on their flaws and exploits as well.
 
Hate to see what you think of AMD drivers then...
While I generally agree with this I am not sure if it is AMD's drivers that are sub par or their installers, once I get a driver to properly install things are great is is the 2 or 3 attempts it often takes to get said functional install that is the real problem.
 
Well if a hacker has "local system access" on your machine, you're already screwed. I mean, yeah, they can do worse stuff with the privileged escalation but they would have to be inside in the first place.

I have a single account on my home computers and it has admin rights. That isn’t very secure but it sure is convenient. So if you have local access it’s already game over.
 
AMD does the same thing with their Radeon drivers, the difference is....they don't like to draw any attention to things like these in keeping with the perception of AMD's bulletproof security.

https://www.techpowerup.com/263237/...ty-vulnerabilities-with-radeon-20-1-1-drivers
tbh all of them have been patching out vulnerabilities since day 1 without anyone saying a word, just the way software is. it wasn't until all the intel shit started going public that all of a sudden tech media realized it was easy click money to start publicizing it.
 
To be fair, the drivers have to actually work in order to be exploited. If AMD drivers were a clock, they'd be right twice a day.

Can't exploit something that doesn't work, brilliant!
giphy (5).gif
 
To be fair, the drivers have to actually work in order to be exploited. If AMD drivers were a clock, they'd be right twice a day.
to be fair, they hardly have problems but when there is one all the nvidia crowds comes out and says "see see i told you they are crap" and carry on like here and every other thread.
edited speeling
 
Last edited:
Oh no! :( Nvidia also caught in the act of piss-poor security habits like Intel !!! :(

"It’s only the latest Nvidia security patch impacting its gaming-enthusiast customer base. Nvidia last year issued fixes for high-severity flaws in two popular gaming products, including its graphics driver for Windows and GeForce Experience. The flaws could be exploited to launch an array of malicious attacks – from DoS to escalation of privileges. Also in 2019, Nvidia patched another high-severity vulnerability in its GeForce Experience software, which could lead to code-execution or DoS of products, if exploited. "

https://threatpost.com/gamer-alert-serious-nvidia-flaw-plagues-graphics-driver/153380/
Both Nvidia and AMD have had GPU driver security issues forever now and issues fixes in various drivers. It isnt some new thing.

What Nvidia patched over the years:
https://www.nvidia.com/en-us/security/


Cant find a similar page for AMD but they recently patched a few things. Their CPU security page is easy to find at least.
https://www.techpowerup.com/263237/...ty-vulnerabilities-with-radeon-20-1-1-drivers
 
Last edited:
Well, the newest versions of Geforce Experience cause crashing in multiple games. Uninstalling fixes the crashes.

I haven't had problems with the drivers themselves as of late except that they have issues with EVGA Precision X1. If it is loaded, then games still crash. The fix... don't use EVGA Precision.... stupid fix when it worked fine with the older driver versions.

I have not been impressed at all with the last 4-5 driver releases from nVidia.
 
Oh no! :( Nvidia also caught in the act of piss-poor security habits like Intel !!! :(

"It’s only the latest Nvidia security patch impacting its gaming-enthusiast customer base. Nvidia last year issued fixes for high-severity flaws in two popular gaming products, including its graphics driver for Windows and GeForce Experience. The flaws could be exploited to launch an array of malicious attacks – from DoS to escalation of privileges. Also in 2019, Nvidia patched another high-severity vulnerability in its GeForce Experience software, which could lead to code-execution or DoS of products, if exploited. "

https://threatpost.com/gamer-alert-serious-nvidia-flaw-plagues-graphics-driver/153380/


Dude, the spyware called "GeForce Experience" is NOT the driver. I know this is what source says but they're wrong
 
I've never used Geforce Experience, and I've never had any problems with Nvidia's drivers.

I also avoid auto-running any other unnecessary 3rd-party software. Funny how that leads to a more stable system.

If you tweak/monitor every little part of your system,, you have to realize that every one of those software tools were written by at-best software interns (or it's someone's open-source side project.)

Running them should be done with an understanding of the level of bug testing that went into them. Even though most of these tools perform direct hardware access to monitor things.

Even a tool like Geforce Experience i s going to be handed by the B- team.
 
my point still stands.

Not really. It's a security issue that was fixed before anyone knew it existed. There is no evidence of it being out in the wild or of any kind of delay in patching it. Nvidia's drivers have their issues, but the focus should be on the things that are actual issues not making a mountain out of a molehill.
 
I've never used Geforce Experience, and I've never had any problems with Nvidia's drivers.

I also avoid auto-running any other unnecessary 3rd-party software. Funny how that leads to a more stable system.

If you tweak/monitor every little part of your system,, you have to realize that every one of those software tools were written by at-best software interns (or it's someone's open-source side project.)

Running them should be done with an understanding of the level of bug testing that went into them. Even though most of these tools perform direct hardware access to monitor things.

Even a tool like Geforce Experience i s going to be handed by the B- team.
How you know so much about it?:)
 
Glad to know that the hacker sitting at my office PC logged on as a local admin can't exploit my video driver anymore. Phew! That was close!
 
to be fair, they hardly have problems but when there is one all the nvidia crowds comes out and says "see see i told you they are crap" and carry on like here and every other thread.
edited speeling
Why is it always documented that they have issues? I have friends who have AMD cards and they have driver crashes especially with newer games. You act like it never happens but that would be incorrect. I haven't had very many driver issues with my Nvidia cards over the course of my 25 years of working with computers (no im not 25 years old either).
 
Not really. It's a security issue that was fixed before anyone knew it existed. There is no evidence of it being out in the wild or of any kind of delay in patching it. Nvidia's drivers have their issues, but the focus should be on the things that are actual issues not making a mountain out of a molehill.
except you know, the average user that never updates their drivers. like my roommate, has no idea what he's doing with a pc and nothing gets done to his system unless i do it. everyone rocking nvidia love to rag on amd but never dare criticise nv.

Why is it always documented that they have issues? I have friends who have AMD cards and they have driver crashes especially with newer games. You act like it never happens but that would be incorrect. I haven't had very many driver issues with my Nvidia cards over the course of my 25 years of working with computers (no im not 25 years old either).
and i havent had many drivers issues with amd or nvidia over my 25+ years. but it always seems like nvidia people making the most noise, especially if an amd person dares say they arent having an issue.
 
How you know so much about it?:)


I'm an embedded software developer. I also wrote a tool called MuvoMaster back in the day (because everyone else wrote a buggy mess to support the buggy mess that was the first-generation muvo filesystem)).

For most people, the tools are a distraction form other major projects (write it, then forget about improving/ fixing bugs once it works to your needs).

The dedication/team size for smaller tools tends to be a lot less than you''ll have for major applications/GUIs/library development. Just look at how many abandoned open-source tools there are!

One or two probably won't affect your system's stability but when you're running a dozen or more, you're rolling the dice on how well written they are.
 
Last edited:
Back
Top