Nvidia’s November 2019 update just fixed 11 mainly high-severity security flaws in its Windows and GeForce graphics card drivers, including three in the program used to update them.
Users often associate driver updates for graphics cards with performance, stability and general bug fixes but security has become almost as big an issue in recent years.
The three with the highest severity – CVE‑2019‑5690, CVE‑2019‑5691 and CVE‑2019‑5692 – are kernel mode flaws in the Nvidia Windows GPU display driver and which could be exploited to cause a crash or escalation of privileges.
The same component features a further four lower-rated flaws, CVE‑2019‑5692, CVE‑2019‑5693, CVE‑2019‑5695, and CVE‑2019‑5694, the latter requiring local access.
In addition to all this, Nvidia’s GeForce Experience application is vulnerable to two flaws of its own, CVE‑2019‑5701 and CVE‑2019‑5689, plus one, CVE‑2019‑5695, shared with the Windows driver discussed above.
The first one of these is the highest priority and applies when GameStream is enabled for Nvidia Shield devices.
Not all Nvidia users use GeForce Experience, the purpose of which is to act as an automatic update and optimisation tool for Nvidia drivers. Anyone who doesn’t use that tool can search for new drivers manually via Nvidia’s website.
Those who do, however, simply need to run the application to receive the correct updates addressing its own flaws (v441.12) and those of the drivers.