Notification

Icon
Error

Nvidia GPU Display Driver Vulnerability

Posted: Monday, May 13, 2019 2:37:37 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,834
5
Like
Nvidia released new drivers for most of it's products last week in light of the new security bulletin it released. To help indetify devices in your network that might be at risk, we've created a report which display whether a device is vulnerable or not. Please note that the report is based on the current available information. You can also find more info in our blog post. Instructions to run this report can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx

The report checks the following:
  • For Geforce, Quadro or NVS cards, driver version must be 430.64 or higher to be safe.
  • For Tesla cards, driver version must be on 425.25 to be safe (for now, see the security bulletin)
Version numbers within Lansweeper are displayed in full, 430.64 will be displayed as 26.21.14.3064
Code:
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblVideoController.Caption,
tblVideoController.DriverVersion,
Case
When (tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion BETWEEN 2621143000 and 2621143063) Or
((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2621143000 and 2621143063) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2521141800 and 2521142550) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2421141163 and 2421141235) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2321139065 and 2321139238) Then 'Vulnerable'
When (tblVideoController.Caption Like '%tesla%' And NvidiaAssets.DriverVersion Between 2521141800 and 2521142524)
Or (tblVideoController.Caption Like '%tesla%' And NvidiaAssets.DriverVersion Between 2421141163 and 2421141235) Then 'Vulnerable'
Else 'Safe'
End As [Vulnerable/Safe],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When (tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion BETWEEN 2621143000 and 2621143063) Or
((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2621143000 and 2621143063) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2521141800 and 2521142550) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2421141163 and 2421141235) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2321139065 and 2321139238) Then '#ffadad'
When (tblVideoController.Caption Like '%tesla%' And NvidiaAssets.DriverVersion Between 2521141800 and 2521142524)
Or (tblVideoController.Caption Like '%tesla%' And NvidiaAssets.DriverVersion Between 2421141163 and 2421141235) Then '#ffadad'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblVideoController On
tblAssets.AssetID = tblVideoController.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
Convert(bigint,Replace(tblVideoController.DriverVersion, '.',
'')) As DriverVersion,
tblVideoController.Caption
From tblAssets
Inner Join tblVideoController On tblAssets.AssetID =
tblVideoController.AssetID
Where tblVideoController.Caption Like '%Nvidia%') As NvidiaAssets On
NvidiaAssets.AssetID = tblAssets.AssetID
Where (tblVideoController.Caption Like '%geforce%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%' Or tblVideoController.Caption Like
'%tesla%') And tblVideoController.DriverVersion Is Not Null And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName
Esben.D
#1Esben.D Member Administration Original PosterPosts: 1,834  
posted: 5/13/2019 2:55:07 PM(UTC)
For the people using an SQL Sever installation. You can modify the report so it shows the Nvidia driver numbering which is commonly used. Do this by replacing the SQL code as mentioned below. These SQL commands are not supported on SQL Compact databases, which is why I did not post it in the original report.

Replace
tblVideoController.DriverVersion,

With
Stuff(Right(Convert(nvarchar,Replace(tblVideoController.DriverVersion, '.',
'')), 5), 4, 0, '.') As DriverVersion,
AZHockeyNut
#2AZHockeyNut Member Alpha Tester Posts: 234  
posted: 5/13/2019 3:21:24 PM(UTC)
Originally Posted by: Esben.D Go to Quoted Post
For the people using an SQL Sever installation. You can modify the report so it shows the Nvidia driver numbering which is commonly used. Do this by replacing the SQL code as mentioned below. These SQL commands are not supported on SQL Compact databases, which is why I did not post it in the original report.

Replace
tblVideoController.DriverVersion,

With
Stuff(Right(Convert(nvarchar,Replace(tblVideoController.DriverVersion, '.',
'')), 5), 4, 0, '.') As DriverVersion,


by replace did you mean replace all instances of that with the provided or only in one place. I tried a few options including replace all and I get
"The replace function requires 3 argument(s)"

to be clear I copied your report to notepad and did a replace all of tblVideoController.DriverVersion, with Stuff(Right(Convert(nvarchar,Replace(tblVideoController.DriverVersion, '.',
'')), 5), 4, 0, '.') As DriverVersion,

did not work
Esben.D
#3Esben.D Member Administration Original PosterPosts: 1,834  
posted: 5/13/2019 3:27:59 PM(UTC)
Only replace the first one

Quote:
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblVideoController.Caption,
tblVideoController.DriverVersion,

Bart van den Bosch
#4Bart van den Bosch Member Posts: 24  
posted: 5/13/2019 3:31:10 PM(UTC)
Originally Posted by: Esben.D Go to Quoted Post
Nvidia released new drivers for most of its products...


It doesn't seem to work here...

This system was updated manually through the 430.64 Quadro driver package. (update from NVIDIA Graphics Driver 425.31)
It contains NVIDIA Quadro P400 display adapters

NVIDIA Graphics Driver 430.64 430.64 NVIDIA Corporation
NVIDIA HD Audio Driver 1.3.38.16 1.3.38.16 NVIDIA Corporation
NVIDIA nView 149.77 149.77 NVIDIA Corporation
NVIDIA WMI 2.33.0 2.33.0 NVIDIA Corporation

Shows installed on the system -> software
The report shows this system as "red" though


Am I understanding this report wrong?

Thanks,
Bart
Esben.D
#5Esben.D Member Administration Original PosterPosts: 1,834  
posted: 5/13/2019 3:36:40 PM(UTC)
Could you tell me what tblVideoController.DriverVersion contains for that asset?

Or go to the asset page Config\Display\Video card and check the driver version there.

Also, don't forget that by default, GPU information is only rescanned about once per month. So make sure to change that in Scanning\Scanned Item Interval or hit the "Rescan asset" button on the asset's page for a manual, full rescan.

I updated the report to include the last changed of the GPU item.
hoddino
#6hoddino Member Posts: 4  
posted: 5/13/2019 4:05:48 PM(UTC)
My system also was updated to the latest build and it's showing as vulnerable:

26.21.14.3064 Vulnerable

I also did a rescan of the asset and it still shows.
tcooper
#7tcooper Member Posts: 15  
posted: 5/13/2019 4:33:45 PM(UTC)
I also checked the NvidiaAssets.DriverVersion for the machine with DriverVersion 430.64 and it is showing as 2621143064.
In case it helps at all, this is an NVIDIA Quadro K2200 on Windows 7.
dscoland
#8dscoland Member Posts: 41  
posted: 5/13/2019 7:05:18 PM(UTC)
I have revised the code for everyone.
The additional And conditions were not included with the Or conditions in the Case statements for the driver version, and the color coding. This should work.

Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblVideoController.Caption,
tblVideoController.DriverVersion,
NvidiaAssets.DriverVersion As NvidiaAssetsVersion,
Case
When (tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion < 2621143064) Or
(tblVideoController.Caption Like '%Quadro%' And
NvidiaAssets.DriverVersion < 2621143064) Or
(tblVideoController.Caption Like '%NVS%' And NvidiaAssets.DriverVersion <
2621143064) Then 'Vulnerable'
When tblVideoController.Caption Like '%tesla%' And
NvidiaAssets.DriverVersion < 2521141935 Then 'Vulnerable'
Else 'Safe'
End As [Vulnerable/Safe],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When (tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion < 2621143064) Or
(tblVideoController.Caption Like '%Quadro%' And
NvidiaAssets.DriverVersion < 2621143064) Or
(tblVideoController.Caption Like '%NVS%' And NvidiaAssets.DriverVersion <
2621143064) Then '#ffadad'
When tblVideoController.Caption Like '%tesla%' And
NvidiaAssets.DriverVersion < 2521141935 Then '#ffadad'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblVideoController On
tblAssets.AssetID = tblVideoController.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
Convert(bigint,Replace(tblVideoController.DriverVersion, '.',
'')) As DriverVersion,
tblVideoController.Caption
From tblAssets
Inner Join tblVideoController On tblAssets.AssetID =
tblVideoController.AssetID
Where tblVideoController.Caption Like '%Nvidia%') As NvidiaAssets On
NvidiaAssets.AssetID = tblAssets.AssetID
Where (tblVideoController.Caption Like '%geforce%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%' Or tblVideoController.Caption Like
'%tesla%') And tblVideoController.DriverVersion Is Not Null And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName


Thanks,
Daniel
Esben.D
#9Esben.D Member Administration Original PosterPosts: 1,834  
posted: 5/13/2019 7:12:36 PM(UTC)
Originally Posted by: dscoland Go to Quoted Post
I have revised the code for everyone.
The additional And conditions were not included with the Or conditions in the Case statements for the driver version, and the color coding. This should work.


Added this to the original post. Thanks!

Zaorac
#10Zaorac Member Posts: 1  
posted: 5/14/2019 1:40:30 PM(UTC)
First of all, thank you very much for this report!


One question though: If I'm not mistaken, different models of graphics cards of the same family (e.g. Quadro) use different drivers.

Example:

NVIDIA Quadro K1100M - R430 version
NVIDIA Quadro M1000M - R418 version

According to the table provided by NVIDIA (https://nvidia.custhelp.com/app/answers/detail/a_id/4797), these have different version numbers but in the report here they are considered unsafe if below 430.64:

Quote:
(tblVideoController.Caption Like '%Quadro%' And
NvidiaAssets.DriverVersion < 2621143064)


If this is indeed how it is, then it may report a safe driver as unsafe in the report. Just wanted to add that.
Esben.D
#11Esben.D Member Administration Original PosterPosts: 1,834  
posted: 5/15/2019 3:39:35 PM(UTC)
I updated the report so it will be more accurate and also since Nvidia released some more drivers to fix the vulnerabilities.

Also, driver versions that are not listed by nvidia as vulnerable will now display as safe in the report. I presume that the vulnerability is only present in the driver versions they mention.

Active Discussions

Lansweeper Asset Value Report
by  RC62N   Go to last post Go to first unread
Last post: 9/20/2019 7:12:29 PM(UTC)
Lansweeper Display Hyper-V Guest User report
by  GlenTB  
Go to last post Go to first unread
Last post: 9/20/2019 2:26:15 PM(UTC)
Report Center Windows Defender Antivirus Broken Scan Audit
by  Esben.D   Go to last post Go to first unread
Last post: 9/20/2019 12:18:02 PM(UTC)
Lansweeper Reports are empty
by  Mendoza  
Go to last post Go to first unread
Last post: 9/20/2019 11:12:18 AM(UTC)
Lansweeper Custom Helpdesk Report
by  StevoCamaro   Go to last post Go to first unread
Last post: 9/19/2019 11:13:05 PM(UTC)
Lansweeper Windows 7 EOL
by  RC62N  
Go to last post Go to first unread
Last post: 9/19/2019 4:42:11 PM(UTC)
Lansweeper Drive Encryption statuses
by  DFox   Go to last post Go to first unread
Last post: 9/19/2019 12:54:06 PM(UTC)
Lansweeper Patch Tuesday report, last 3 months
by  Esben.D  
Go to last post Go to first unread
Last post: 9/19/2019 10:55:07 AM(UTC)