Over the weekend NVIDIA updated their Product Security board with two important bulletins alerting owners to vulnerabilities in their software stack, specifically GPU drivers and SHIELD TV firmware. While not necessarily critical, advisories like these should be actioned as widely as possible, particularly in workplace environments where there is open access to systems.
The first, likely affecting the largest number of end-users, is Security Bulletin 4841 for NVIDIA GeForce, Quadro and Tesla display drivers. It details five specific vulnerabilities in driver editions released prior to 431.60, the most severe of which has a severity score of 8.8 out of 10. To exploit these vulnerabilities, however, a malicious agent would need local access, and if that were the case then there would likely be other priorities to concern yourself with.
To mitigate the vulnerabilities outlined, NVIDIA recommend updating your driver to the latest version through GeForce Experience, direct driver download or the developer portals. The Quadro and Tesla R400 and R418 driver families, respectively, will be updated later this month.
Security Bulletin 4804 for NVIDIA's SHIELD TV set-top box lists a whopping nine vulnerabilities (reproduced below), the most serious of which is CVE-2018-6241, with a base severity score of 9.3 due to the potential for arbitrary code execution combined with privilege escalation. All are mitigated by the recent Android O SHIELD TV GeForce Experience Update 8.
SHIELD TV owners should be prompted to update their device on startup through a message in the main menu, but they can also manually check for updates through Settings > About > System update.
SOURCE: NVIDIA Product Security Board