-
Drivers
-
Products
-
Processors
-
Technologies
-
NVIDIA GRID
-
NVIDIA VCA
-
3D Vision
-
Platforms
-
SHIELD
-
-
Communities
-
Support
-
Shop
-
About NVIDIA
NVIDIA takes security concerns seriously and works to quickly evaluate and address them. Once a security concern is reported, NVIDIA commits the appropriate resources to analyze, validate and provide corrective actions to address the issue. NVIDIA works with the security intelligence community to ensure product related vulnerabilities and corrective actions are appropriately disclosed.
NVIDIA product and service related security concerns can be reported here. All submissions are monitored by NVIDIA product security teams and if follow-up communications are necessary, you will be contacted by one of our security specialists.
PLEASE NOTE: Product technical support is not available here. For technical support of NVIDIA products, please visit our NVIDIA Support Website.
This list includes brief descriptions of potential security vulnerabilities. These issues are resolved by updating to the latest NVIDIA drivers.
Brief | Originally Posted | Last Updated |
CVE-2014-0160: Gamestream OpenSSL Vulnerability The OpenSSL library included in the GameStream component of GeForce Experience 2.0.0 is subject to the recently disclosed Heartbleed vulnerability. As a result, an attacker who successfully exploited this vulnerability could from another computer read the GameStream service process memory, and potentially steal confidential GameStream session data, including the user password, or decrypt future GameStream sessions. | 04/29/2014 | 04/29/2014 |
CVE-2013-5987: Unprivileged GPU access Vulnerability An NVIDIA graphics driver bug allows unprivileged user-mode software to access the GPU inappropriately. An attacker who successfully exploited this vulnerability could take control of an affected system. | 12/2/2013 | 12/2/2013 |
CVE-2013-0131: NVIDIA UNIX GPU Driver ARGB Cursor Buffer Overflow in "NoScanout" Mode. When the NVIDIA driver for the X Window System is operated in "NoScanout" mode, and an X client installs an ARGB cursor that is larger than the expected size (64x64 or 256x256, depending on the driver version), the driver will overflow a buffer. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution. Because the X server runs as setuid root in many configurations, an attacker could potentially use this vulnerability in those configurations to gain root privileges. | 4/2/2013 | 4/2/2013 |
CVE-2013-0109 NVIDIA Display Driver Service Vulnerability Due to an issue identified with the NVIDIA driver, a malicious actor could – by forcing exceptions and overwriting memory – potentially escalate privileges to gain administrative control of a system. The vulnerability is associated with the NVIDIA Display Driver service, and affects NVIDIA drivers for Windows operating systems (Windows XP/Windows Vista/Windows 7/Windows 8 - 32 & 64-bit) starting with the Release 173 drivers. | 2/22/2013 | 2/22/2013 |
CVE-2013-0110 NVIDIA Stereoscopic 3D Driver Service Vulnerability NVIDIA has verified an issue with the NVIDIA Stereoscopic 3D Driver Service (nvSCPAPISvr.exe), which could allow a malicious actor to potentially escalate privileges locally by inserting an executable file in the path of the affected service. The specific issue identified was that the service used an unquoted service path, containing at least one whitespace. | 2/22/2013 | 2/22/2013 |
CVE-2013-0111 NVIDIA Update Service Daemon Vulnerability NVIDIA has verified an issue with the NVIDIA Update Service Daemon (daemonu.exe), which could allow a malicious actor to potentially escalate privileges locally by inserting an executable file in the path of the affected service. The specific issue identified was that the service used an unquoted service path, containing at least one whitespace. | 2/22/2013 | 2/22/2013 |
CVE-2012-4225 NVIDIA UNIX graphics driver Vulnerability NVIDIA UNIX graphics drivers before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0. | 8/2/2012 | 2/20/2013 |
Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver This vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary system memory. | 4/4/2012 | 8/6/2012 |
CVE-2006-5379 NVIDIA UNIX graphics driver Vulnerability The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762 allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations. | 10/18/2006 | 2/20/2013 |