In addition to the bugfixes that were known while I was writing the GeForce Game Ready 430.64 graphics drivers post, the update apparently had some security fixes, too. The most severe issue (CVE-2019-5675) has a vulnerability score of 7.7. Apparently, the kernel mode portion of the driver has a synchronization bug, which could lead to permission escalation, denial of service, or unauthorized data access. The second issue (CVE-2019-5676) involves the driver installer not correctly validating DLLs that it loads, which could allow malicious software to receive higher privileges. A third issue (CVE-2019-5677) is denial of service.

While the vulnerabilities have been disclosed, a few drivers have not yet been updated (according to NVIDIA’s support page). Quadro and Tesla drivers on the R400 branch are expected to be patched this upcoming week. Quadro drivers on the R390 branch should be patched the week after.

Interestingly, GeForce Creator Ready drivers are not listed in this document; they are still back on Release 419.67. Since that was released back in March, I am going to assume that they are vulnerable but will be patched soon. NVIDIA does not seem to say one way or the other, though.

If possible, update to the latest graphics drivers from their website or by using GeForce Experience.