Five security vulnerabilities have been found within the Nvidia GPU Display Driver. All versions of Nvidia’s GeForce drivers prior to 431.60 are susceptible to local code execution, denial of service, or escalation of privileges, and Nvidia recommends updating your drivers immediately to patch things up.

You can download the necessary patched GeForce drivers (via Bleeping Computer), version 431.60, from the Nvidia website right now, and it’s recommended that you do so lickety-split to keep your system secure. Users with Quadro or Tesla cards will need to download the corresponding drivers for their systems, and those on R418 or R400 driver versions will need to wait until August 12 and 19 respectively for the necessary fixes.

While patching your system and keeping it up-to-date is always the best course of action and best practice, all of the flaws listed today require local access in order to be exploited. That means you’re unlikely to see any nefarious goings on in regards to your system without some ding dong in a balaclava physically sat in your office or bedroom.

Windows driver versions 431.23, 425.85, and 412.39 also contain the security update, and may be distributed by your system vendor.

CVE Description Base Score Vector CVE‑2019‑5683 NVIDIA Windows GPU Display Driver contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges. 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE‑2019‑5684 NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution. 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE‑2019‑5685 NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution. 7.8 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE‑2019‑5686 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service. 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE‑2019‑5687 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor, which may lead to information disclosure or denial of service. 5.2 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A

It was only a couple of months ago that Nvidia had to enforce another update due to security exploits present it the GeForce Experience code. The vulnerabilities in this application’s backend similarly allowed for escalation of privileges, code execution, and denial of service attacks, but was patched pre-disclosure. And that’s why you always update your drivers.