HPSBHF03611 rev. 2 - NVIDIA GPU Display Driver Vulnerabilities

Potential Security Impact:

Denial of service, Escalation of privilege, Unauthorized code execution, or Information disclosure

Source: HP, HP Product Security Response Team (PSRT)

Reported By: NVIDIA

VULNERABILITY SUMMARY

HP has been notified of potential security vulnerabilities with the GPU Display Driver for certain NVIDIA products. These vulnerabilities may lead to denial of service, escalation of privileges, unauthorized code execution, or information disclosure.

Reference Number

CVE-2019-5665, CVE-2019-5666, CVE-2019-5667, CVE-2019-5668, CVE-2019-5669, CVE-2019-5670, CVE-2019-5671, CVE-2018-6260, NVIDIA Security Bulletin 4772 (in English), PSR-2019-0058

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

See RESOLUTION section below

BACKGROUND

For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com

CVSS 3.0 Base Metrics

Reference	Base Vector	Base Score
CVE-2019-5665	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	8.8
CVE-2019-5666	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	8.8
CVE-2019-5667	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	8.8
CVE-2019-5668	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	8.8
CVE-2019-5669	AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	8.8
CVE-2019-5670	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	7.8
CVE-2019-5671	AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H	6.5
CVE-2018-6260	AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N	2.2

RESOLUTION

HP has identified the affected products and target dates for Softpaqs. See the affected products listed below.

note:
This bulletin will be updated. Check back frequently for updates. HP recommends keeping your system up to date with the latest firmware and software.

How do I know if I am impacted?

Launch Windows Device Manager.
Select Display Adapters.
If you see a node with one of the NVIDIA products listed below, then verify the driver version.

How do I know the driver version I have installed?

Launch Windows Device Manager.
Select Display Adapters.
Select the NVIDIA product node and right-click.
Go to the Driver tab.
If you have an earlier driver version, then update the driver using the link for your product below.

The driver version can be identified by the last digits of the version number.

For example: 10.18.13.6472 is 364.72 and 10.18.13.472 is 304.72.

Pending: Softpaq is in progress.

Under investigation: System under investigation for impact, or Softpaq under investigation for feasibility/availability.

Not available: Softpaq not available due to technical or logistical constraints.

Business PCs and Retail Point-of-Sale systems

Product	Driver Version	Softpaq ID
NVS510	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
NVS510	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
GF GT630	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
GF GT630	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
GF GT730	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
GF GT730	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
GF GT730A	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
GF GT730A	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
GT720	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
GT720	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
GTX960	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
GTX960	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
Quadro K620	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
Quadro K620	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
Quadro P620	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
Quadro P620	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
GTX1080	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
GTX1080	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
GTX1070-B	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
GTX1070-B	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
GTX1060-B	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
GTX1060-B	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
RTX2080	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
Quadro P400	419.01 (Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95142.exe
Quadro P400	419.01 (Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95136.exe
NVS310 1GB	392.37(Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95169.exe
NVS310 1GB	392.37(Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95170.exe
NVS310 1GB	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
NVS310 512MB	392.37(Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95169.exe
NVS310 512MB	392.37(Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95170.exe
NVS310 512MB	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
NVS315	392.37(Win10)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95169.exe
NVS315	392.37(Win7 Win8.1 64 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95170.exe
NVS315	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
NVS510	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
GF GT630	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
GF GT730	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
GT720	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
GTX960	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
GT730	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
GTX1080	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
GTX1060-B	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
GTX1070-B	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
Quadro P400	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
Quadro K620	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
Quadro P620	392.37(Win7 Win8.1 32 bit)	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95143.exe
Nvidia N15P-Q1 (Nvidia Quadro K1100M)	425.91	https://ftp.hp.com/pub/softpaq/sp99001-99500/sp99203.exe
Nvidia N15P-Q5 (Nvidia Quadro K2200M)	425.91	https://ftp.hp.com/pub/softpaq/sp99001-99500/sp99203.exe
Nvidia N15E-Q1 (Nvidia Quadro K3100M)	425.91	https://ftp.hp.com/pub/softpaq/sp99001-99500/sp99203.exe
Nvidia N15E-Q3 (Nvidia Quadro K4100M)	425.91	https://ftp.hp.com/pub/softpaq/sp99001-99500/sp99203.exe
Nvidia N15E-Q5 (Nvidia Quadro K5100M)	425.91	https://ftp.hp.com/pub/softpaq/sp99001-99500/sp99203.exe
Nvidia N17P-Q1 (Nvidia Quadro M1200)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N17P-Q3 (Nvidia Quadro M2200)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N17E-Q1 (Nvidia Quadro P3000)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N17E-Q3 (Nvidia Quadro P4000)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N17E-Q5 (Nvidia Quadro P5000)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N15M-Q2 (Nvidia Quadro K610M)	425.91	https://ftp.hp.com/pub/softpaq/sp99001-99500/sp99203.exe
Nvidia N16P-Q1 (Nvidia Quadro M1000M)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N16P-Q3 (Nvidia Quadro M2000M)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N16E-Q1 (Nvidia Quadro M3000M)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N16E-Q3 (Nvidia Quadro M4000M)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N16E-Q5 (Nvidia Quadro M5000M)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N17P-Q1 (Nvidia Quadro M1200M)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N17P-Q3 (Nvidia Quadro M2200M)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N18P-Q1 (Nvidia Quadro P1000)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N18P-Q3 (Nvidia Quadro P2000)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N18P-Q1 (Nvidia Quadro P3000)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N18P-Q1 (Nvidia Quadro P4000)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
Nvidia N18P-Q1 (Nvidia Quadro P5200)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
NVIDIA N17M-Q3 (Nvidia Quadro M620)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96929.exe
NVIDIA GeForce MX150	425.25	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96930.exe
NVIDIA GeForce 930M	425.25	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96930.exe
Nvidia N16S-GMR-S (Nvidia GeForce 930MX)	425.25	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96930.exe
Nvidia N15P-Q3 (Nvidia Quadro K2100M)	425.91	https://ftp.hp.com/pub/softpaq/sp99001-99500/sp99203.exe
Nvidia N16M-Q2 (Nvidia Quadro M600M)	425.53	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96930.exe
Nvidia GeForce GTX 1050 Max-Q	425.25	https://ftp.hp.com/pub/softpaq/sp96501-97000/sp96930.exe

Immersive PCs

Product Name	Updated Version	Softpaq #	Softpaq Link
Sprout by HP	25.21.14.1901	SP95242	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95242.exe
Sprout Pro by HP	25.21.14.1901	SP95273	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95273.exe
Sprout Pro by HP G2	25.21.14.1917	SP95224	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95224.exe

Desktop Workstation PCs

Platform list pending.

Product	Driver Version	Softpaq ID
Quadro RTX 8000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro RTX 6000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro RTX 5000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro RTX 4000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro GV100	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro GP100	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro P6000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro P5000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro P4000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro P2000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro P1000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro P620	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro P600	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro P400	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro M6000 24G	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro M6000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro M5000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro M4000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro M2000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro M2000M	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro M1000M	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro M620	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K6000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K5200	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K4200	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
ProQuadro K2200	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K1200	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K620	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K420	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K5000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K4000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K2000	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K600	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K4100M	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K3100M	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K2100M	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K610M	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K4000M	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro K3000M	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Tesla K40c	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Tesla K20c	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
Quadro 410	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe
NVS 510	419.17	https://ftp.hp.com/pub/softpaq/sp95001-95500/sp95208.exe

Consumer PCs

note:
NVIDIA Driver Updates for Consumer PCs are available via Windows Update.

Product	Driver Version	SoftPaq ID
N18E-G3 (GeForce RTX 2080)	25.21.14.1788	Not available
N18E-G2 (GeForce RTX 2070)	25.21.14.1788	Not available
N18E-G1 (GeForce GTX 2060 Ti)	25.21.14.1788	Not available
N18E-G0 (GeForce GTX 2060)	25.21.14.1788	Not available
N18P-G0 (GeForce GTX 2050 Ti)	25.21.14.1788	Not available
N18P-G0 (GeForce GTX 2050)	25.21.14.1788	Not available
N17E-G3 (GeForce GTX 1080)	25.21.14.1788	Not available
N17E-G2 (GeForce GTX 1070)	25.21.14.1788	Not available
N17E-G1 (GeForce GTX 1060)	25.21.14.1788	Not available
N17P-G1 (GeForce GTX 1050Ti)	25.21.14.1788	Not available
N17P-G0 (GeForce GTX 1050)	25.21.14.1788	Not available
N17P-G0-K1 (GTX 1050)	25.21.14.1788	Not available
N17S-G2 (GeForce MX250)	25.21.14.1788	Not available
N17S-G1 (GeForce MX150)	25.21.14.1788	Not available
N17S-LG (GeForce MX150)	25.21.14.1788	Not available
N16E-GR (GeForce GTX 965M)	25.21.14.1788	Not available
N16P-GT (GeForce GTX 950M)	25.21.14.1788	Not available
N16P-GX (GeForce GTX 960M)	25.21.14.1788	Not available
N16S-GTR-S (GeForce 940MX)	25.21.14.1788	Not available
N16S-GMR (GeForce 930MX)	25.21.14.1788	Not available
N16S-GM (GeForce 930M)	25.21.14.1788	Not available
N16S-GTR (GeForce MX130)	25.21.14.1788	Not available
N16V-GMR (GeForce MX110)	25.21.14.1788	Not available

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, visit https://www.hp.com/go/contacthp to learn about your HP support options.

Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://www.hp.com/go/alerts.

Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

PI	HP Printing and Imaging
HF	HP Hardware and Firmware
GN	HP General Software

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

To get the security-alert PGP key, please send an e-mail message as follows:

To: hp-security-alert@hp.com

Subject: get key

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

REVISION HISTORY : Version:1 – 21 March 2019 Initial publication. Version:2 - 31 October 2019 Updated remaining SoftPaq URLs

SUPPORT COMMUNICATION- SECURITY BULLETIN