Vulnerability Description:
The NVIDIA control panel on Windows is affected by an unquoted path vulnerability. A local attacker could gain elevated privileges by inserting an executable file in the path of the affected process.
Exploit Scope and Risk:
The NVIDIA Control Panel executable Smart Maximize Helper contains an unquoted path vulnerability in which the nvSmartMaxApp.exe lacks appropriate double quotes in the process name paths when launching process threads. As such, malicious actors have the ability to place programs at appropriate locations in a search path such as C:\Program.exe". This allows malicious code to execute with elevated privileges during Windows startup.
The CVSS Risk assessment is listed below.
CVSS Base Score - 6.8
Exploitability sub-score - 3.1
Access Vector: Local
Access Complexity: Low
Authentication: Single
Impact sub-score - 5.3
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
CVSS temporal sub-score - 5.6
Exploitability: Functional exploit exists
Remediation Level: Official Fix
Report Confidence: Confirmed
CVSS Environmental Score - [determined by user]
NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommended consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn't know of any exploits to this issue at this time.
Vulnerable Configurations:
This issue affects Windows systems where the NVIDIA driver is installed for all GPUs.
Vulnerability Discovery:
NVIDIA was informed of this issue by Wesley Daniels.
Fix:
NVIDIA recommends that users upgrade to the fixed driver version - details below.
|
OS |
Branch |
1st version that includes the fix |
|
Windows |
R358 |
358.87 |
|
Windows |
R352 |
354.35 |
|
Windows |
R340 |
341.92 |
Mitigations:
Always observe the following safe computing practices:
Only download or execute content and programs from trusted third parties.
Run your system and programs with the least privilege necessary. Users should run without root privileges whenever possible.
When running as root, do not elevate privileges for activities or programs that don't need them.