
Does NVIDIA Display Driver Service Make Your System Vulnerable?

btarunr

Editor & Senior Moderator
Staff member
An [ethical?] hacker going by the Twitter handle @peterwintrsmith discovered a gaping security hole in NVIDIA's display driver service that allows ordinary local and remote users to gain administrator privileges in Windows. Mr. Winter-Smith posted a description and details of the exploit, in which he describes the NVIDIA Display Device server (NVVSVC) as listening on a pipe (a means by which different processes talk to each other) "\pipe\nsvr," which has a null/empty discretionary access control list (DACL, a security whitelist for users/groups), letting ordinary logged-in local and remote users (firewall permitting, and the remote admin has a local account) gain administrator rights to the system. In our opinion, the exploit is plausible, and could cut short winter breaks of a few in Santa Clara.



View at TechPowerUp Main Site
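The post above describes the pipe's DACL as "null/empty". As an added example (not part of the thread, and not NVIDIA's or the researcher's code), this Python code parses a self-relative Windows security descriptor and tells the two cases apart: a NULL DACL gives every caller full access, while a present-but-empty DACL denies everyone. The verdict labels, helper names and sample descriptors are constructed for illustration.

```python
import struct

SE_DACL_PRESENT = 0x0004    # Control bit: descriptor carries a DACL field
SE_SELF_RELATIVE = 0x8000   # Control bit: fields are offsets, not pointers
ACCESS_ALLOWED_ACE_TYPE = 0
EVERYONE = "S-1-1-0"

def sid_to_str(buf, off):
    rev, count = struct.unpack_from("<BB", buf, off)
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(authority)] + [str(s) for s in subs])

def classify_dacl(sd):
    """Classify the DACL of a self-relative security descriptor (bytes)."""
    rev, _, control, _, _, _, dacl_off = struct.unpack_from("<BBHIIII", sd, 0)
    if rev != 1 or not control & SE_SELF_RELATIVE:
        raise ValueError("not a self-relative revision-1 security descriptor")
    if not control & SE_DACL_PRESENT or dacl_off == 0:
        return "NULL_DACL"          # no DACL: every caller gets full access
    ace_count = struct.unpack_from("<BBHHH", sd, dacl_off)[3]
    if ace_count == 0:
        return "EMPTY_DACL"         # DACL with zero ACEs: nobody gets access
    off = dacl_off + 8              # first ACE follows the 8-byte ACL header
    for _ in range(ace_count):
        ace_type, _, ace_size = struct.unpack_from("<BBH", sd, off)
        # Allow ACE layout: 4-byte header, 4-byte access mask, then the SID
        if ace_type == ACCESS_ALLOWED_ACE_TYPE and sid_to_str(sd, off + 8) == EVERYONE:
            return "EVERYONE_ALLOWED"
        off += ace_size
    return "RESTRICTED"

# --- constructed sample descriptors (not captured from any real system) ---
def make_sid(authority, *subs):
    return bytes([1, len(subs)]) + authority.to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)
def make_allow_ace(sid, mask):
    return struct.pack("<BBHI", ACCESS_ALLOWED_ACE_TYPE, 0, 8 + len(sid), mask) + sid
def make_sd(control, *aces, with_acl=True):
    body = b"".join(aces)
    acl = struct.pack("<BBHHH", 2, 0, 8 + len(body), len(aces), 0) + body if with_acl else b""
    return struct.pack("<BBHIIII", 1, 0, control | SE_SELF_RELATIVE, 0, 0, 0, 20 if with_acl else 0) + acl

SAMPLES = {
    "null":     make_sd(SE_DACL_PRESENT, with_acl=False),
    "empty":    make_sd(SE_DACL_PRESENT),
    "everyone": make_sd(SE_DACL_PRESENT, make_allow_ace(make_sid(1, 0), 0x001F01FF)),
    "system":   make_sd(SE_DACL_PRESENT, make_allow_ace(make_sid(5, 18), 0x001F01FF)),
}
print({name: classify_dacl(blob) for name, blob in SAMPLES.items()})
```

An auditor would feed this the descriptor bytes exported from the object under review; `NULL_DACL` and `EVERYONE_ALLOWED` on a privileged service's pipe are the findings to escalate.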
 
So that means they need to fix it!
 

Aquinus

Resident Wat-man
So that means they need to fix it!

The question is how long has it been there and should nVidia have fixed it (and found it) before now. I think this is just another example of how drivers are never perfect and is another reason why people shouldn't bash AMD or nVidia for drivers that they've dumped a lot of time and effort into.
 
Those darn buggy NVIDIA drivers! When are they going to fix them?


Just kidding. It's a joke. Get it?
 
Does not sound legit.
 
It might be plausible to exploit this, but come on:

...and the remote admin has a local account...
This alone tells me it would be extremely hard for a hacker to exploit this bug unless they've already infiltrated or otherwise compromised your network elsewhere. :ohwell:
 

newtekie1

Semi-Retired Folder
So let me get this straight. For someone to exploit this vulnerability the following must be true:

  1. The attacker must know the username and password of an active local user account on the machine.
  2. The firewall has to allow traffic in through whatever port the service is listening on.

You'd have to have a pretty shitty security setup already for this vulnerability to really affect you.
 

W1zzard

Administrator
Staff member
1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)
 

TheMailMan78

Big Member
1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)

Number one would be the hard part I assume. Someone would have to knowingly allow such an exploit to be installed which would eliminate 99.99999% of legitimate downloads from companies.

Torrents........that's a different story.
 

btarunr

Editor & Senior Moderator
Staff member
Number one would be the hard part I assume.

Make something like bronypics.exe, post it on a few adult bbs' and get a million users of your app in a day.
 
A few week(s) after AMD announces a patch, nvidia leak is found by an ethical hacker. Maybe this guy was the one who alerted AMD privately..

AMD FANBOI

Make something like bronypics.exe, post it on a few adult bbs' and get a million users of your app in a day.

:laugh:
 
The Red empire strikes back? Who said our cards stutter? At least our ones are not full of germs :laugh:
 

Krneki

New Member
In 2012

In this day and age someone is still running a Windows system without a firewall/router?

In this case never mind the Nvidia/ATI shitty drivers, he is already a zombie (botnet).
 

mediasorcerer

New Member
Doesn't sound like that much of a worry.
 
1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)

So basically... don't download gpu-z and other software from here until it's fixed.
 

Fear, uncertainty and doubt (FUD), is a tactic used in sales, marketing, public relations, politics and propaganda.

FUD is generally a strategic attempt to influence perception by disseminating negative and dubious or false information. An individual firm, for example, might use FUD to invite unfavorable opinions and speculation about a competitor's product; to increase the general estimation of switching costs among current customers; or to maintain leverage over a current business partner who could potentially become a rival.

The term originated to describe disinformation tactics in the computer hardware industry but has since been used more broadly.
 

W1zzard

Administrator
Staff member
There is no FUD in this. In half a day every half decent programmer can write some code that exploits the vulnerability. With probably no antivirus catching it.
 
There is no FUD in this. In half a day every half decent programmer can write some code that exploits the vulnerability. With probably no antivirus catching it.

The problem is always figuring out how to make a safe profit :D
 
Number one would be the hard part I assume. Someone would have to knowingly allow such an exploit to be installed which would eliminate 99.99999% of legitimate downloads from companies.

Torrents........that's a different story.

Drive by downloads, or java exploit, need I say more.

Wait

And browser hijack redirects.


I'm growing a beard™, so I am safe.
 
The exploit mainly affects "domain-based machine" with "relaxed firewall rules" and file sharing enabled.

Oh noes!
 
In this day and age someone is still running a Windows system without a firewall/router?

In this case never mind the Nvidia/ATI shitty drivers, he is already a zombie (botnet).

Don't you have that the other way around? What normal home network uses Windows firewall or any soft-firewall for that matter?
And if a commercial network already has infiltration to the backdoor level *as is required for this to be an issue* then who cares, you're in trouble already.

Sounds like this guy is turning a molehill into a mountain just to get some press.

Drive by downloads, or java exploit, need I say more.

Wait

And browser hijack redirects.


I'm growing a beard™, so I am safe.


A) Hosts files
B) Don't visit shady websites/open shady email attachments
C) Take control/concern with your Active X and Java
D) All remote registry services disabled (until the time of requirement/access needed)

Statistically impossible for you to get a blown virus. About the worst you may encounter is a sneaky bit of malware that slipped in through browser controls and all it does is snoop or redirect you to paysites.
 