1. Home
  2. Electronics Design
  3. Important: Update your nvidia geforce/graphics driver to be secure !

Important: Update your nvidia geforce/graphics driver to be secure !

I noticed my system crashing while playing this bubble game on agar.io website.

Blue screen of death

Driver nvlddmkm.sys was at fault.

I just checked nvidia's latest driver and it is confirmed that this driver is buggy and not only that but it has some serious security risks !

Therefore I highly recommend everybody to update their driver !

Better be safe than sorry ! This is a big one, see below:

Release 390 Graphics Drivers for Windows, Version 391.35

Cut & Pasted important infos:

Vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to Denial of Service or Escalation of Privileges.

Vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possib le escalation of privileges.

Vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.

Vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of service or possible escalation of privileges.

Vulnerability in Directx 10 Usermode driver, where specially crafted pixel shad er can cause writing to unallocated memory which may lead to denial of service or potential code execution.

Vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service.

Vulnerability in DirectX and OpenGL Usermode drivers where specially crafted pixel shader can cause infinite recursion which may lead to denial of service.

Bye, Skybuck.

P.S.: Will update driver after these important postings ! If no further communication from me assumed everything went fine ! =D

Reply to
skybuck2000
Loading thread data ...

(...)

List of Nvidia security bulletins (in reverse chronological order):

4 "updates" this month. 
--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558
Reply to
Jeff Liebermann

  • Let me get this straight. you UPDATES the driver and got a serious bug. Now you say one should update more? YOU are nuts.
Reply to
Robert Baer

Unfortunately getting the very fastest possible performance out of these graphics cards for gaming and making the OS properly secure are mutually incompatible goals. Gaming won on the Mickeysoft platform.

--
Regards, 
Martin Brown
Reply to
Martin Brown

It's not really that strange. From the manufacturers perspective, the best customers are repeat customers. What makes a repeat customer buy the latest and greatest device? The promise of bug fixes, security fixes, updates, feature bloat, and faster performance. In the game PC segment, add cosmetics, futuristic styling, and expensive minimum system requirements. Were the manufacturer to actually deliver on these promises, by providing a bug free product, the customers would buy exactly one device and never upgrade to the latest and greatest device because everything works as advertised and as expected. Therefore, no bugs means no future sales.

If one were to design a new device, some consideration for future sales should be designed into the product. The firmware should include a built in warranty timer, that produces relatively innocuous spontaneous reboots, hangs, and functional glitches after the warranty period has expired. To the end user, this will give the appearance of a deteriorating and unreliable device, which is in need of replacement. If it appears that this fails to inspire sales, then simply increase the variety and frequency of these failures.

"Success through Mediocrity(tm)"

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558
Reply to
Jeff Liebermann

Nah, there's nothing particular about the design of Windows that makes it "better" for gaming it's simply inertia. No reason you can't get top performance out of graphics hardware on Linux for games too NVidia makes a set of proprietary drivers for their latest hardware for Linux as well it's just a question of the time required to adapt/optimize the source code for the other OS and OpenGL.

As of 2018 some big name titles where there is both a native Linux (not thru Wine) and Windows variant available actually perform better on Linux.

Reply to
bitrex

A big bottleneck for games on Windows is drive access; ext4 seems to be just a superior file system for speed on read/write large sequential files-type of access that games do a lot. Win 10 and NTFS with a laptop that has 7200 or even 5400 rpm spinning rust is just a bad combo performance-wise.

Reply to
bitrex

One of the updated diver updates prevents the Gforce experiance app from running, which means you cant use the app to get the updates ;)

And I guess there are some more bugs in the other updates.

Cheers

Reply to
Martin Riddle

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.