https://www.exploit-db.com/exploits/41365/
https://www.exploit-db.com/exploits/41364/
http://nvidia.custhelp.com/app/answers/detail/a_id/4398
Security Bulletin: NVIDIA GPU Display Driver contains multiple vulnerabilities in the kernel mode layer handler
So; Might want to update; Try to avoid getting a Geforce "Experience; and hope that the drivers work.
Oh Nvidia, you have turned into ATI at the start of their Catalyst venture…
Wait, what’s going on?
Some major security flaws of the buffer overflow flavor, at least one of which (the second exploit-db link) looks to be an intentional feature of the code.
So crap, I should update my drivers manually and not through the experience nonsense?
I always download mine from http://www.geforce.com/drivers .
I guess you can update through GFE if that works for you. Since GFE 3.x I’ve not had it installed anymore, (using OBS for Capture now…) but even when I had GFE2.x installed I did everything manually.
I saw some complains on Nvidias facebook about problems, but it looked like it was mostly related to Win10 and probably ‘fringe’ occurences or the drivers would be withdrawn I would assume.
Yeah, I might get rid of it, been debating on getting rid of it since I read they pull in telemetry data.
I think it’s more likely that some malicious program using the graphics card could find a way to do privilege escalation with those vulnerabilities—I can’t imagine that stuff directly from Nvidia would be any more unsafe than the gaps in the driver.
Download the drivers 1000 times on the super fat connection at work, just as a fuck you to Nvidia for how they ruined Geforce Experience with their login crap. Ugh. It’s honestly so tacky and obnoxious that I’m considering going ATI for my next video card, and I’ve been using Nvidia for probably a decade now.
PS: Thanks for the heads up :)
I’m trying to avoid GFE but today I installed the latest drivers and accidentally performed an “express installation”, which of course installs GFE. Grr.
Between GFE and the $200-300 premium on g-sync monitors, I might consider AMD for my next video card as well.
I’ve been trying to tell people to switch to AMD for years. Glad Nvidia’s shitty policies are finally catching up to them and people are noticing.
Of course, I did get talked into buying a 1060 this year :/
Ha, it’s been so long I forgot they’re not ATI anymore
Nvidia’s driver releases have been insanely horrible for the past year. I am really, really disappointed in their poor quality control - if you can even call it that.
Yea, the old saying was “ATI - Good hardware, shitty drivers” vs “Nvidia - Decent Hardware, Great Drivers”.
Now it seems like both of them have shitty drivers (although Catalyst still seems to be the worst of them; NV still has a somewhat normal control panel interface…for now. Although if you include GFE they’re equally horrible I suppose).
Catalyst doesn’t exist anymore. We’re on to Relive.
AMD drivers are very nice these days.
The mouse corruption problem has to go, and it hasn’t.