Security News > 2020 > June > NVIDIA Patches Code Execution Flaws in GPU Drivers
NVIDIA this week released patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including multiple issues that could lead to code execution.
The most severe of the bugs affecting the GPU drivers include CVE‑2020‑5962, which was found in the NVIDIA GPU display driver, and CVE‑2020‑5963, which resides in the CUDA driver.
Discovered in the Control Panel component of the GPU driver, the first of the issues could allow a local attacker to elevate privileges or cause a denial of service condition.
This week, the GPU maker addressed four other vulnerabilities in the GPU display driver, including one in the service host component, which could lead to code execution.
Four other vulnerabilities featuring a CVSS score of 7.8 were identified in the vGPU plugin of the NVIDIA Virtual GPU Manager and are caused by incorrect restriction of operations within the boundaries of a resource, a race condition, lack of validation of input data size, or the reference of memory locations after the targeted buffer.