Normally Nvidia launches its new graphics drivers with a fanfare and claims a string of gaming titles are now 'game ready'. Its latest driver, version 376.33 WHQL, comes with no such boasts, or accompanying GeForce.com blog posts. There are no new game ready titles listed, there are no new SLI profiles, however there is what could be an important tidying up of multiple low-level security vulnerabilities.
Before we look over the security fixes, let's quickly cover the other few changes in this driver. First of all an issue causing corruption in YouTube video playback in Chrome has been fixed (Windows 10). In addition a fix has been implemented for all Windows versions 7 and newer to do with installing the Display Container software. Sadly, an expected fix for a Folding@Home issue hasn't arrived with 376.33 WHQL but will instead be deployed in a hotfix release.
For gamers specifically, the driver takes away more than it provides as one of the release notes 'highlights' is the disabling of the SLI profile for Titanfall 2. Furthermore, a lengthy list of irksome issues remains in games such as Dead Rising 4, The Division, For Honor, Gears of War, and more.
The key security fix-ups are for Windows 7, 8 and 8.1 machines. For example:
- NV_ESC_ID_NVAPI_REPORT_WFD_HOTPLUG and NV_ESC_ID_NVAPI_ENUM_DISPLAYIDS_EX don't validate the size of input, causing a KERNEL_SECURITY_CHECK_FAILURE [1808374], and
- NVL_ESC_ID_COMMON_REGISTRY_ACCESS escalates user privileges when the registry is accessed [1359976].
Recent Nvidia Windows and Linux driver vulnerabilities (and fixes including installing the Nvidia GeForce 376.33 drivers) are listed on the Nvidia Support security bulletin page. It is noted that Google Project Zero and Cisco Talos engineers contributed to the recent finding/fixing of Nvidia driver vulnerabilities.