Nvidia has rolled out patches for several security vulnerabilities existing in its GPU display of Windows and Linux devices. Also, rolled out fixes for flaws in virtual GPU software. It’s reported that exploiting any of the said vulnerabilities could lead to privilege escalation, DDoS attacks, and leaking data.
Critical Vulnerabilities in Nvidia GPU
Nvidia is a popular GPU maker, where it’s products are used in various machines to process tasks. The America GPU vendor has today released patches to address various issues in several of its products. These include some in the GPU display drivers, and some in its Virtual GPU (vGPU) management software.
There were six vulnerabilities in display drivers and eleven in vGPU software. Nvidia warned that a threat actor can abuse any of the vulnerabilities to gain admin privileges from being of a low-level, or let them perform DDoS attacks. Further, they can also let them obtain sensitive data, and tamper with it if desired.
Nvidia has noted down all the security vulnerabilities here, with all of them ranging from 5.3 to 8.4 severity scores. The maker has rolled out patches to all the vulnerabilities, except to few as CVE‑2021‑1052, CVE‑2021‑1053, and CVE‑2021‑1056, which affect the Linux GPU Display Driver for Tesla GPUs.
Well, Nvidia said these issues will be addressed with patches releasing on January 18, and said they’ll be bundled with updates coming from their hardware vendors, in the form of Windows GPU display driver updates version 460.84, 457.49, and 452.66.
Recommending users of GeForce, NVIDIA RTX, Quadro, NVS, and Tesla GPU display drivers to update, it advised consulting a security or an IT professional to evaluate risks and applying theirs as per configurations. While the Nvidia enterprise customers are asked to visit the Enterprise Application Hub, you can follow these steps to know which NVIDIA driver version you’re running on.