Discover Vulnerable NVIDIA Drivers on Your Network
Nvidia released a new security bulletin detailing 10 new vulnerabilities in their display drivers for Geforce, RTX, Quadro and Tesla graphics cards. The vulnerabilities have CVSS base scores ranging from 8.5 down to 5.5 and can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. You can find more information about the different vulnerabilities in the Nvidia May 2022 driver vulnerability blog post.
2022/05/20:
-Updated to fix an issue with Geforce RTX cards being recognized as professional RTX cards.
Nvidia GPU Display Driver Vulnerability Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.Version,
tblAssets.SP,
tblVideoController.Caption,
SubString(NvidiaAssets.DriverVersion, 0, Len(NvidiaAssets.DriverVersion) -
1) + '.' + SubString(NvidiaAssets.DriverVersion,
Len(NvidiaAssets.DriverVersion) - 1, Len(NvidiaAssets.DriverVersion)) As
DriverVersion,
Case
When tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion Between 51000 And 51276 Then 'Vulnerable'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 51000 And 51277 Then 'Vulnerable'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 47000 And 47346 Then 'Vulnerable'
When tblVideoController.Caption Like '%tesla%' And
NvidiaAssets.DriverVersion Between 47000 And 47346 Then 'Vulnerable'
When tblVideoController.Caption Like '%tesla%' And
NvidiaAssets.DriverVersion Between 45000 And 45350 Then 'Vulnerable'
Else 'Safe'
End As [Vulnerable/Safe],
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion Between 51000 And 51276 Then '#ffadad'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 51000 And 51277 Then '#ffadad'
When (tblVideoController.Caption Like '%RTXA%%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 47000 And 47346 Then '#ffadad'
When tblVideoController.Caption Like '%tesla%' And
NvidiaAssets.DriverVersion Between 47000 And 47346 Then '#ffadad'
When tblVideoController.Caption Like '%tesla%' And
NvidiaAssets.DriverVersion Between 45000 And 45350 Then '#ffadad'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Inner Join tblVideoController On
tblAssets.AssetID = tblVideoController.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
Right(Convert(bigint,Replace(tblVideoController.DriverVersion, '.', '')),
5) As DriverVersion,
tblVideoController.Caption
From tblAssets
Inner Join tblVideoController On
tblAssets.AssetID = tblVideoController.AssetID
Where tblVideoController.Caption Like '%Nvidia%') As NvidiaAssets On
NvidiaAssets.AssetID = tblAssets.AssetID
Where (tblVideoController.Caption Like '%geforce%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%' Or tblVideoController.Caption Like
'%tesla%' Or tblVideoController.Caption Like '%RTX%A%') And
tblVideoController.DriverVersion Is Not Null And tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName
2022/05/20:
-Updated to fix an issue with Geforce RTX cards being recognized as professional RTX cards.