Security Bulletin: NVIDIA NVFlash, GPUModeSwitch Tool - November 2019

NVIDIA has released a software security update for NVIDIA NVFlash Tool. This update addresses issues that may lead to escalation of privileges, information disclosure, or denial of service. This update is available only to NVIDIA OEMs and partners. Go to NVIDIA Product Security. Details This...

Security Bulletin: NVIDIA SHIELD TV - October 2019

NVIDIA has released a software security update for NVIDIA SHIELD® TV. This update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges. To protect your system, download and install this software update through Settings About Syst...

Security Bulletin: NVIDIA SHIELD TV - August 2019

NVIDIA has released a software security update for NVIDIA SHIELD® TV. This update addresses issues that may lead to information disclosure, code execution, or escalation of privileges. To protect your system, download and install this software update through Settings About System update. Go to...

Security Bulletin: NVIDIA GPU Display Driver - August 2019

NVIDIA has released a software security update for the NVIDIA GPU Display Driver. This update addresses issues that may lead to local code execution, denial of service, or escalation of privileges. To protect your system, download and install this software update through NVIDIA Driver Downloads G...

Security Bulletin: NVIDIA Jetson TX1 and Jetson Nano L4T - July 2019

NVIDIA has released software security updates for NVIDIA® Jetson™ TX1 and Jetson™ Nano in the NVIDIA® Tegra® Linux Driver Package L4T. The update addresses issues that may lead to code execution, denial of service, or escalation of privileges. To protect your system, download available updates fr...

Security Bulletin: NVIDIA GeForce Experience - May 2019

NVIDIA has released a software security update for NVIDIA® GeForce Experience™. This update addresses issues that may lead to information disclosure, escalation of privileges, denial of service, or code execution. To protect your system, download and install this software update through the GeFor...

Security Bulletin: NVIDIA GPU Display Driver - May 2019

NVIDIA has released a software security update for the NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, code execution, or information disclosure. To protect your system, download and install this software update through NVIDIA...

Security Bulletin: NVIDIA Jetson TX1 and TX2 L4T - April 2019

NVIDIA has released software security updates for NVIDIA® Jetson™ TX1 and TX2 in the NVIDIA® Tegra® Linux Driver Package L4T. The update addresses issues that may lead to code execution, denial of service, escalation of privileges, or information disclosure. To protect your system, download...

Security Bulletin: NVIDIA GeForce Experience – March 2019

NVIDIA has released a software security update for NVIDIA® GeForce Experience™. This update addresses an issue that may lead to code execution, denial of service, or escalation of privileges. To protect your system, download and install this software update through the GeForce Experience Download...

Security Bulletin: NVIDIA GPU Display Driver - February 2019

NVIDIA has released a software security update for the NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, code execution, or information disclosure. To protect your system, download and install this software update through NVIDIA...

Security Bulletin: NVIDIA GeForce Experience - November 2018

NVIDIA has released a software update for GeForce Experience. This update addresses issues that may lead to escalation of privileges or information disclosure. To protect your system, download and install this software update through the GeForce Experience Downloads page. Details This section...

Security Notice: NVIDIA Response to “Rendered Insecure: GPU Side Channel Attacks are Practical” - November 2018

November 9, 2018 This notice is a response to the October 2018 publication “Rendered Insecure: GPU Side Channel Attacks are Practical” regarding a software security issue in the NVIDIA GPU Graphics Driver. NVIDIA worked closely with the researchers and evaluated the issue following the Coordinate...

Security Bulletin: NVIDIA SHIELD TV – October 2018

NVIDIA has released a software security update for SHIELD TV. This update addresses issues that may lead to information disclosure or escalation of privileges. To protect your system, download and install this software update. Go to NVIDIA Product Security. Details This section summarizes the...

Security Bulletin: NVIDIA GeForce Experience - September 2018

NVIDIA has released a software update to address potential security vulnerabilities in GeForce Experience. When GameStream is enabled and an unauthorized user gains system access, these issues may lead to limited user information disclosure, denial of service, or escalation of privileges. To...

Security Bulletin: NVIDIA GeForce Experience Software Security Updates for Multiple Vulnerabilities When GameStream is Enabled

NVIDIA GeForce Experience contains vulnerabilities when GameStream is enabled which may lead to escalation of privileges, denial of service, or information disclosure. Go to NVIDIA Product Security. Vulnerability Details The following sections summarize the potential vulnerabilities. Descriptions...

Security Bulletin: NVIDIA SHIELD TV Software Security Updates for Multiple Vulnerabilities

NVIDIA SHIELD TV vulnerabilities may lead to code execution, denial of service, escalation of privileges, or information disclosure Go to NVIDIA Product Security. Vulnerability Details This section summarizes the potential vulnerabilities. Descriptions use CWE™ and risk assessments follow the CVS...

Security Notice: NVIDIA Tegra RCM Vulnerability

NVIDIA'S response to the Tegra RCM issue April 24, 2018 This notice is a response to recent publications on a security issue regarding NVIDIA Tegra Recovery Mode RCM. A researcher indicates that a person with physical access to older Tegra-based processors could connect to the device's USB port,...

Security Bulletin: NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

NVIDIA GPU display driver vulnerabilities may lead to code execution, denial of service, information disclosure, or escalation of privileges. Go to NVIDIA Product Security. Vulnerability Details This section summarizes the potential vulnerabilities. Descriptions use CWE™ and risk assessments foll...

Security Bulletin: NVIDIA SHIELD Tablet Security Update for a Media Server Vulnerability

NVIDIA SHIELD Tablet contains a vulnerability which may lead to denial of service or escalation of privileges Go to NVIDIA Product Security. Vulnerability Details The following section summarizes the potential vulnerability. The description uses CWE™ and the risk assessment follows CVSS...

Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, Jetson TX2, and Tegra K1 L4T Security Updates for Multiple Vulnerabilities

Jetson and Tegra L4T contain vulnerabilities which may lead to denial of service, escalation of privileges, or information disclosure. Go to NVIDIA Product Security. Vulnerability Details The following sections summarize the potential vulnerabilities. Descriptions use CWE™ and risk assessments...

Security Bulletin: NVIDIA SHIELD TV Security Updates for Multiple Vulnerabilities

NVIDIA SHIELD TV security updates for vulnerabilities that may lead to denial of service, information disclosure, or escalation of privileges Vulnerability Details The following sections summarize the potential vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2017-6282...

Security Bulletin: NVIDIA GeForce Experience (GFE) Security Updates for CPU Speculative Side Channel Vulnerabilities

NVIDIA GeForce Experience GFE response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018 publication of novel information...

Security Bulletin: NVIDIA Jetson TX2 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities

Jetson L4T response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure attacks that...

Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities

Jetson and Tegra L4T response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure...

Security Bulletin: NVIDIA SHIELD Tablet Security Updates for CPU Speculative Side Channel Vulnerabilities

NVIDIA SHIELD Tablet Response to CPU Speculative Side Channel Vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Go to NVIDIA Product Security. Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of...

Security Bulletin: NVIDIA SHIELD TV Security Updates for CPU Speculative Side Channel Vulnerabilities

NVIDIA SHIELD TV Response to CPU Speculative Side Channel Vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure attacks...

Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities

NVIDIA driver response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero’s January 3, 2018 publication of novel information disclosure attacks tha...

Security Notice: CPU Speculative Side Channel Vulnerabilities

NVIDIA's response to CPU speculative side channel vulnerabilities CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 January 3, 2018 This notice is in response to Google Project Zero's publication of novel information disclosure attacks that combine CPU speculative execution with known side channels...

Security Bulletin: NVIDIA Linux for Tegra (L4T) “KRACK” vulnerabilities

Vulnerability Details The following section summarizes the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 L4T ships with a...

Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for “BlueBorne” and “Dnsmasq”.

Vulnerability Details The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2016-2434 NVIDIA Tegra kernel driver contains a vulnerability in NVHOST where an attacker can write an arbitrary value to an arbitrary location, which may lead t...

Security Bulletin: NVIDIA Installer Framework contains a vulnerability in NVISystemService64 affecting GFE

Vulnerability Details The following section summarizes the vulnerability. The description uses CWE™ and the risk assessment follows CVSS. CVE-2017-0316 NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without...

Security Bulletin: NVIDIA Shield TV contains multiple vulnerabilities; update on "BlueBorne"

Vulnerability Details The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2017-6248 and CVE-2017-6249 NVIDIA Tegra kernel audio driver contains a vulnerability in Audio DSP where an invalid user parameter may be copied without a check ...

Security Bulletin: NVIDIA Shield TV and Tablet contain multiple vulnerabilities

Vulnerability Details The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2016-6790 NVIDIA OpenMax Component contains a vulnerability in LIBNVRM where an input buffer is copied to an output buffer without checking the size of the input...

Security Bulletin: NVIDIA GPU contains multiple vulnerabilities in the kernel mode layer handler

Vulnerability Details The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2017-6269 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where a pointer passed from ...

Security Bulletin: NVIDIA GPU display driver contains multiple vulnerabilities in the kernel mode layer handler

Vulnerability Details The following sections summarize the vulnerabilities and CVSS risk assessments. CVE-2017-6251 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical...

Security Bulletin: NVIDIA Shield TV and Tablet contain multiple vulnerabilities

Vulnerability Details The following sections summarize the vulnerabilities and list their CVSS risk assessments. CVE-2016-8424 NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVMAP, where referencing memory after it has been freed may lead to denial of service or possible escalation...

Security Bulletin: NVIDIA GPU Display driver contains multiple vulnerabilities in the kernel mode layer handler

Vulnerability Details The following sections summarize the vulnerabilities and lists their CVSS risk assessments. CVE-2017-0341 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape, where user provided input can trigger an acces...

Security Bulletin: NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe (repackaged Node.js)

Vulnerability Details The following section summarizes the vulnerability and CVSS risk assessment. CVE-2017-6250 NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code...

Security Bulletin: NVIDIA GPU Display Driver contains multiple vulnerabilities in the kernel mode layer handler

Vulnerability Details The following sections summarize the vulnerabilities and list their CVSS risk assessments. CVE-2017-0308 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where untrusted input used for buffer size...

Security Bulletin: Vulnerability in NVIDIA Web Helper.exe affects NVIDIA GeForce Experience (CVE-2016-8827)

Vulnerability Details CVE-2016-8827 NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure through a directory traversal attack. CVSS...

Security Bulletin: Multiple vulnerabilities in the NVIDIA Windows GPU Display Driver kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape and a vulnerability in the Linux GPU Display Driver kernel mode layer (nvidia.ko)

Vulnerability Details CVE-2016-8821 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges. CVSS Base...

Security Bulletin: NVIDIA SHIELD Contains Multiple Vulnerabilities in nvhost_job.c

Vulnerability Details CVE-2016-6915 NVIDIA nvhostjob.c contains a vulnerability in the stack buffer overflow, leading to a system crash Android Security Bulletin – December 2016 CVSS Base Score: 8.4 CVSS Temporal Score: 7.6 CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C...

Security Bulletin: NVIDIA Shield Contains Multiple Vulnerabilities in Mediaserver and Kernel

Vulnerability Details CVE-2016-3847 Kernel nvavp driver heap write overflow Android Security Bulletin - August 2016 CVSS Base Score: 8.8 CVSS Temporal Score: 7.9 CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C CVE-2016-3815 Kernel camera driver stack read of user-controlle...

Security Bulletin: NVIDIA Windows GPU Display Driver contains multiple vulnerabilities in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape

Vulnerability Details CVE-2016-8813 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges. CVSS Base...

Security Bulletin: NVIDIA Linux GPU Display Driver contains missing permissions check and improper validation vulnerabilities (CVE-2016-7382, CVE-2016-7389)

Vulnerability Details CVE-2016-7382 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer nvidia.ko handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges. CVSS Base Score: 6.8 CVSS Tempor...

Security Bulletin: Vulnerabilities in NVIDIA Windows GPU Display Driver and NVIDIA GeForce Experience

Vulnerability Details CVE-2016-8805 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape ID 0x7000014 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denia...

Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems

Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems CVE-2016-4959, CVE-2016-3161, CVE-2016-5852, CVE-2016-4960, CVE-2016-5025, CVE-2016-4961 Vulnerability Details CVE-2016-4959 Description: Remote Desktop denial of service. A successful exploit of a...

Security Bulletin: Vulnerabilities in Bash affect NVIDIA Tegra Linux L4T CVE 2014-6271, CVE 2014-7169, CVE 2014-7186, CVE 2014-7187, CVE 2014-6277, CVE 2014-6278

Vulnerability Details CVE-2014-6271 GNU Bash processes trailing strings after function definitions in the values of environment variables. This processing allows remote attackers to execute arbitrary code through a crafted environment. CVSS Base Score: 10 CVSS Temporal Score: 8.3 CVSS 2 Vector:...