NVIDIA GPU Display Driver Update - Lenovo Support US

Lenovo Security Advisory: LEN-27326

Potential Impact: Denial of service, escalation of privileges, or information disclosure.

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2019-5675, CVE-2019-5676, CVE-2019-5677

Summary Description:

NVIDIA has released a software update to address potential security vulnerabilities in NVIDIA Windows GPU Display Driver. These vulnerabilities are summarized below.

CVE-2019-5675:
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer(nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.

CVE-2019-5676:
NVIDIA Windows GPU Display Driver installer software contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (aka binary planting or DLL preloading attack), leading to escalation of privileges via code execution

CVE-2019-5677:
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial-of-service.

Mitigation Strategy for Customers (what you should do to protect yourself):

NVIDIA recommends updating to the version of NVIDIA Windows GPU Display Driver (or later) described for your system in the product impact section.

Product Impact: