NVIDIA Product Security

NVIDIA takes security concerns seriously and works to quickly evaluate and address them. Once a security concern is reported, NVIDIA commits the appropriate resources to analyze, validate and provide corrective actions to address the issue. NVIDIA works with the security intelligence community to ensure product-related vulnerabilities and corrective actions are appropriately disclosed.

Notifying NVIDIA of security concerns


NVIDIA product- and service-related security concerns can be reported here. All submissions are monitored by NVIDIA product security teams, and if follow-up communications are necessary, you will be contacted by one of our security specialists.

PLEASE NOTE: Product technical support is not available here. For technical support of NVIDIA products, please visit our NVIDIA Support Website.


Security Notifications


This list includes brief descriptions of potential security vulnerabilities. These issues are resolved by updating to the latest NVIDIA drivers.

CVE-2014-0160: GameStream OpenSSL Vulnerability
The OpenSSL library included in the GameStream component of GeForce Experience 2.0.0 is subject to the recently disclosed Heartbleed vulnerability. As a result, an attacker who successfully exploited this vulnerability could read the GameStream service process memory from another computer and potentially steal confidential GameStream session data, including the user password, or decrypt future GameStream sessions.
Originally Posted: 04/29/2014. Last Updated: 04/29/2014.

CVE-2013-5987: Unprivileged GPU access Vulnerability
An NVIDIA graphics driver bug allows unprivileged user-mode software to access the GPU inappropriately. An attacker who successfully exploited this vulnerability could take control of an affected system.
Originally Posted: 12/2/2013. Last Updated: 12/2/2013.

CVE-2013-0131: NVIDIA UNIX GPU Driver ARGB Cursor Buffer Overflow in "NoScanout" Mode
When the NVIDIA driver for the X Window System is operated in "NoScanout" mode, and an X client installs an ARGB cursor that is larger than the expected size (64x64 or 256x256, depending on the driver version), the driver will overflow a buffer. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution. Because the X server runs as setuid root in many configurations, an attacker could potentially use this vulnerability in those configurations to gain root privileges.
Originally Posted: 4/2/2013. Last Updated: 4/2/2013.

CVE-2013-0109 NVIDIA Display Driver Service Vulnerability
Due to an issue identified with the NVIDIA driver, a malicious actor could – by forcing exceptions and overwriting memory – potentially escalate privileges to gain administrative control of a system. The vulnerability is associated with the NVIDIA Display Driver service, and affects NVIDIA drivers for Windows operating systems (Windows XP/Windows Vista/Windows 7/Windows 8 - 32 & 64-bit) starting with the Release 173 drivers.
Originally Posted: 2/22/2013. Last Updated: 2/22/2013.

CVE-2013-0110 NVIDIA Stereoscopic 3D Driver Service Vulnerability
NVIDIA has verified an issue with the NVIDIA Stereoscopic 3D Driver Service (nvSCPAPISvr.exe), which could allow a malicious actor to potentially escalate privileges locally by inserting an executable file in the path of the affected service. The specific issue identified was that the service used an unquoted service path containing at least one whitespace character.
Originally Posted: 2/22/2013. Last Updated: 2/22/2013.

CVE-2013-0111 NVIDIA Update Service Daemon Vulnerability
NVIDIA has verified an issue with the NVIDIA Update Service Daemon (daemonu.exe), which could allow a malicious actor to potentially escalate privileges locally by inserting an executable file in the path of the affected service. The specific issue identified was that the service used an unquoted service path containing at least one whitespace character.
Originally Posted: 2/22/2013. Last Updated: 2/22/2013.

CVE-2012-4225 NVIDIA UNIX graphics driver Vulnerability
NVIDIA UNIX graphics drivers before 295.71 and before 304.32 allow local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0.
Originally Posted: 8/2/2012. Last Updated: 2/20/2013.

Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver
This vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary system memory.
Originally Posted: 4/4/2012. Last Updated: 8/6/2012.

CVE-2006-5379 NVIDIA UNIX graphics driver Vulnerability
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) for Linux v8774 and v8762 allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.
Originally Posted: 10/18/2006. Last Updated: 2/20/2013.