SB2020100103 - Multiple vulnerabilities in NVIDIA D3D10 driver
Published: October 1, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the nvwg MOV_SAT functionality. A remote authenticated attacker can use a specially crafted shader, trigger out-of-bounds write and execute arbitrary code on the target system.
2) Out-of-bounds write (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the nvwg functionality. A remote authenticated attacker can use a specially crafted shader, trigger out-of-bounds write and execute arbitrary code on the target system.
3) Out-of-bounds write (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the nvwg MOV2 functionality. A remote authenticated attacker can use a specially crafted shader, trigger out-of-bounds write and execute arbitrary code on the target system.
4) Out-of-bounds write (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the nvwg DCL_CONSTANT_BUFFER functionality. A remote authenticated attacker can use a specially crafted shader , trigger out-of-bounds write and execute arbitrary code on the target system.
5) Out-of-bounds write (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the nvwg MOV functionality. A remote authenticated attacker can use a specially crafted shader, trigger out-of-bounds write and execute arbitrary code on the target system.
6) Out-of-bounds write (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the nvwg MUL functionality. A remote authenticated attacker can use a specially crafted shader, trigger out-of-bounds write and execute arbitrary code on the target system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1034
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1039
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1036
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1038
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1035
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1037