Nvidia GPU Display Driver Vulnerability

Posted: Monday, May 13, 2019 2:37:37 PM(UTC)
Esben.D Member Administration Original Poster Posts: 1,685
Nvidia released new drivers for most of its products last week in light of the new security bulletin it released. To help identify devices in your network that might be at risk, we've created a report which displays whether a device is vulnerable or not. Please note that the report is based on the currently available information. You can also find more info in our blog post. Instructions to run this report can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx

The report checks the following:
  • For Geforce, Quadro or NVS cards, driver version must be 430.64 or higher to be safe.
  • For Tesla cards, driver version must be on 425.25 to be safe (for now, see the security bulletin)
Version numbers within Lansweeper are displayed in full: 430.64 will be displayed as 26.21.14.3064.
Code:
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblVideoController.Caption,
tblVideoController.DriverVersion,
Case
When (tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion BETWEEN 2621143000 and 2621143063) Or
((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2621143000 and 2621143063) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2521141800 and 2521142550) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2421141163 and 2421141235) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2321139065 and 2321139238) Then 'Vulnerable'
When (tblVideoController.Caption Like '%tesla%' And NvidiaAssets.DriverVersion Between 2521141800 and 2521142524)
Or (tblVideoController.Caption Like '%tesla%' And NvidiaAssets.DriverVersion Between 2421141163 and 2421141235) Then 'Vulnerable'
Else 'Safe'
End As [Vulnerable/Safe],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When (tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion BETWEEN 2621143000 and 2621143063) Or
((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2621143000 and 2621143063) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2521141800 and 2521142550) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2421141163 and 2421141235) Or ((tblVideoController.Caption Like '%Quadro%' Or tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 2321139065 and 2321139238) Then '#ffadad'
When (tblVideoController.Caption Like '%tesla%' And NvidiaAssets.DriverVersion Between 2521141800 and 2521142524)
Or (tblVideoController.Caption Like '%tesla%' And NvidiaAssets.DriverVersion Between 2421141163 and 2421141235) Then '#ffadad'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblVideoController On
tblAssets.AssetID = tblVideoController.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
Convert(bigint,Replace(tblVideoController.DriverVersion, '.',
'')) As DriverVersion,
tblVideoController.Caption
From tblAssets
Inner Join tblVideoController On tblAssets.AssetID =
tblVideoController.AssetID
Where tblVideoController.Caption Like '%Nvidia%') As NvidiaAssets On
NvidiaAssets.AssetID = tblAssets.AssetID
Where (tblVideoController.Caption Like '%geforce%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%' Or tblVideoController.Caption Like
'%tesla%') And tblVideoController.DriverVersion Is Not Null And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName
#1 Esben.D Member Administration Original Poster Posts: 1,685
posted: 5/13/2019 2:55:07 PM(UTC)
For the people using an SQL Server installation. You can modify the report so it shows the Nvidia driver numbering which is commonly used. Do this by replacing the SQL code as mentioned below. These SQL commands are not supported on SQL Compact databases, which is why I did not post it in the original report.

Replace
tblVideoController.DriverVersion,

With
Stuff(Right(Convert(nvarchar,Replace(tblVideoController.DriverVersion, '.',
'')), 5), 4, 0, '.') As DriverVersion,
#2 AZHockeyNut Member Alpha Tester Posts: 230
posted: 5/13/2019 3:21:24 PM(UTC)
Originally Posted by: Esben.D
For the people using an SQL Server installation. You can modify the report so it shows the Nvidia driver numbering which is commonly used. Do this by replacing the SQL code as mentioned below. These SQL commands are not supported on SQL Compact databases, which is why I did not post it in the original report.

Replace
tblVideoController.DriverVersion,

With
Stuff(Right(Convert(nvarchar,Replace(tblVideoController.DriverVersion, '.',
'')), 5), 4, 0, '.') As DriverVersion,


By replace did you mean replace all instances of that with the provided, or only in one place? I tried a few options including replace all and I get
"The replace function requires 3 argument(s)"

To be clear, I copied your report to Notepad and did a replace all of tblVideoController.DriverVersion, with Stuff(Right(Convert(nvarchar,Replace(tblVideoController.DriverVersion, '.',
'')), 5), 4, 0, '.') As DriverVersion,

Did not work.
#3 Esben.D Member Administration Original Poster Posts: 1,685
posted: 5/13/2019 3:27:59 PM(UTC)
Only replace the first one

Quote:
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblVideoController.Caption,
tblVideoController.DriverVersion,

#4 Bart van den Bosch Member Posts: 23
posted: 5/13/2019 3:31:10 PM(UTC)
Originally Posted by: Esben.D
Nvidia released new drivers for most of its products...


It doesn't seem to work here...

This system was updated manually through the 430.64 Quadro driver package. (update from NVIDIA Graphics Driver 425.31)
It contains NVIDIA Quadro P400 display adapters

NVIDIA Graphics Driver 430.64 430.64 NVIDIA Corporation
NVIDIA HD Audio Driver 1.3.38.16 1.3.38.16 NVIDIA Corporation
NVIDIA nView 149.77 149.77 NVIDIA Corporation
NVIDIA WMI 2.33.0 2.33.0 NVIDIA Corporation

Shows installed on the system -> software
The report shows this system as "red" though


Am I understanding this report wrong?

Thanks,
Bart
#5 Esben.D Member Administration Original Poster Posts: 1,685
posted: 5/13/2019 3:36:40 PM(UTC)
Could you tell me what tblVideoController.DriverVersion contains for that asset?

Or go to the asset page Config\Display\Video card and check the driver version there.

Also, don't forget that by default, GPU information is only rescanned about once per month. So make sure to change that in Scanning\Scanned Item Interval or hit the "Rescan asset" button on the asset's page for a manual, full rescan.

I updated the report to include the last changed of the GPU item.
#6 hoddino Member Posts: 4
posted: 5/13/2019 4:05:48 PM(UTC)
My system also was updated to the latest build and it's showing as vulnerable:

26.21.14.3064 Vulnerable

I also did a rescan of the asset and it still shows.
#7 tcooper Member Posts: 15
posted: 5/13/2019 4:33:45 PM(UTC)
I also checked the NvidiaAssets.DriverVersion for the machine with DriverVersion 430.64 and it is showing as 2621143064.
In case it helps at all, this is an NVIDIA Quadro K2200 on Windows 7.
#8 dscoland Member Posts: 41
posted: 5/13/2019 7:05:18 PM(UTC)
I have revised the code for everyone.
The additional And conditions were not included with the Or conditions in the Case statements for the driver version, and the color coding. This should work.

Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblVideoController.Caption,
tblVideoController.DriverVersion,
NvidiaAssets.DriverVersion As NvidiaAssetsVersion,
Case
When (tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion < 2621143064) Or
(tblVideoController.Caption Like '%Quadro%' And
NvidiaAssets.DriverVersion < 2621143064) Or
(tblVideoController.Caption Like '%NVS%' And NvidiaAssets.DriverVersion <
2621143064) Then 'Vulnerable'
When tblVideoController.Caption Like '%tesla%' And
NvidiaAssets.DriverVersion < 2521141935 Then 'Vulnerable'
Else 'Safe'
End As [Vulnerable/Safe],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When (tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion < 2621143064) Or
(tblVideoController.Caption Like '%Quadro%' And
NvidiaAssets.DriverVersion < 2621143064) Or
(tblVideoController.Caption Like '%NVS%' And NvidiaAssets.DriverVersion <
2621143064) Then '#ffadad'
When tblVideoController.Caption Like '%tesla%' And
NvidiaAssets.DriverVersion < 2521141935 Then '#ffadad'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblVideoController On
tblAssets.AssetID = tblVideoController.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
Convert(bigint,Replace(tblVideoController.DriverVersion, '.',
'')) As DriverVersion,
tblVideoController.Caption
From tblAssets
Inner Join tblVideoController On tblAssets.AssetID =
tblVideoController.AssetID
Where tblVideoController.Caption Like '%Nvidia%') As NvidiaAssets On
NvidiaAssets.AssetID = tblAssets.AssetID
Where (tblVideoController.Caption Like '%geforce%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%' Or tblVideoController.Caption Like
'%tesla%') And tblVideoController.DriverVersion Is Not Null And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName


Thanks,
Daniel
#9 Esben.D Member Administration Original Poster Posts: 1,685
posted: 5/13/2019 7:12:36 PM(UTC)
Originally Posted by: dscoland
I have revised the code for everyone.
The additional And conditions were not included with the Or conditions in the Case statements for the driver version, and the color coding. This should work.


Added this to the original post. Thanks!

#10 Zaorac Member Posts: 1
posted: 5/14/2019 1:40:30 PM(UTC)
First of all, thank you very much for this report!


One question though: If I'm not mistaken, different models of graphics cards of the same family (e.g. Quadro) use different drivers.

Example:

NVIDIA Quadro K1100M - R430 version
NVIDIA Quadro M1000M - R418 version

According to the table provided by NVIDIA (https://nvidia.custhelp.com/app/answers/detail/a_id/4797), these have different version numbers but in the report here they are considered unsafe if below 430.64:

Quote:
(tblVideoController.Caption Like '%Quadro%' And
NvidiaAssets.DriverVersion < 2621143064)


If this is indeed how it is, then it may report a safe driver as unsafe in the report. Just wanted to add that.
#11 Esben.D Member Administration Original Poster Posts: 1,685
posted: 5/15/2019 3:39:35 PM(UTC)
I updated the report so it will be more accurate and also since Nvidia released some more drivers to fix the vulnerabilities.

Also, driver versions that are not listed by Nvidia as vulnerable will now display as safe in the report. I presume that the vulnerability is only present in the driver versions they mention.
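
Added example, not part of the thread or of Lansweeper's report: a stand-alone SQL Server query that runs the single cut-off check from post #8 and the listed-range check from the report in the first post side by side, so the two can be compared before trusting a "Safe" result. The sample rows and the names Samples, VulnerableRanges, Parsed, ThresholdResult and RangeResult are constructed for illustration; the numeric bounds are copied from the posts above.

```sql
-- Runs on SQL Server without any Lansweeper tables (not on SQL Compact).
With Samples As (
  -- Constructed rows; DriverVersion uses the dotted form Lansweeper stores.
  Select * From (Values
    ('NVIDIA Quadro K2200',     '26.21.14.3064'),  -- 430.64, the value reported in post #7
    ('NVIDIA GeForce GTX 1060', '26.21.14.3039'),  -- constructed, inside the 26.21.14.30xx range
    ('NVIDIA Quadro M1000M',    '25.21.14.2551'),  -- constructed, one above the 25.21.14.xxxx Quadro range
    ('NVIDIA NVS 310',          '23.21.13.9065'),  -- constructed, lower bound of the oldest range
    ('NVIDIA Tesla P100',       '25.21.14.2000')   -- constructed, inside the Tesla range
  ) As v (Caption, DriverVersion)
),
VulnerableRanges As (
  -- Bounds copied from the Case expression in the first post.
  Select * From (Values
    ('GeForce', 2621143000, 2621143063),
    ('Quadro',  2621143000, 2621143063), ('NVS', 2621143000, 2621143063),
    ('Quadro',  2521141800, 2521142550), ('NVS', 2521141800, 2521142550),
    ('Quadro',  2421141163, 2421141235), ('NVS', 2421141163, 2421141235),
    ('Quadro',  2321139065, 2321139238), ('NVS', 2321139065, 2321139238),
    ('Tesla',   2521141800, 2521142524),
    ('Tesla',   2421141163, 2421141235)
  ) As r (Family, LowVersion, HighVersion)
),
Parsed As (
  Select Caption, DriverVersion,
    -- Same conversions as the report: digits only for comparison,
    -- last five digits with a dot for the familiar Nvidia numbering.
    Convert(bigint, Replace(DriverVersion, '.', '')) As VersionNumber,
    Stuff(Right(Replace(DriverVersion, '.', ''), 5), 4, 0, '.') As NvidiaVersion
  From Samples
)
Select p.Caption, p.DriverVersion, p.NvidiaVersion,
  -- Single cut-off per family, as in post #8.
  Case
    When (p.Caption Like '%GeForce%' Or p.Caption Like '%Quadro%' Or
      p.Caption Like '%NVS%') And p.VersionNumber < 2621143064 Then 'Vulnerable'
    When p.Caption Like '%Tesla%' And p.VersionNumber < 2521141935 Then 'Vulnerable'
    Else 'Safe'
  End As ThresholdResult,
  -- Only versions inside a listed range count as vulnerable.
  Case When Exists (Select 1 From VulnerableRanges r
                    Where p.Caption Like '%' + r.Family + '%'
                      And p.VersionNumber Between r.LowVersion And r.HighVersion)
       Then 'Vulnerable' Else 'Safe' End As RangeResult
From Parsed p
Order By p.Caption;
```

The two columns disagree on the Quadro M1000M row, which is the false positive post #10 describes, and on the Tesla row, where the single cut-off reports Safe for a version the range list treats as Vulnerable. A row where the two checks differ is worth verifying against the vendor's bulletin rather than taking either colour at face value.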
