Nvidia has listed a bunch of its products that are infested with Log4Shell and warned users to update their clients to avoid falling prey to cyberattacks.
The graphics maker said it detected attacks against its enterprise software in wild, while the customer clients are safe. Yet, some software of Nvidia are seen using Log4j packages within them and are subjected to hacks. So updating them to available patches is recommended.
Log4Shell Attacks Against Nvidia Software
Just as the Log4j package is widely used by many companies in their software libraries, Nvidia is a key player in most graphic devices. Thus, if Nvidia is using the Log4j, most of its clients are subjected to Log4Shell attacks too, which are widely happening around the world.
And Nvidia officially noted it too, now. As per its security advisory, Nvidia said its widely used user software like the,
- GeForce Experience client software
- GeForceNOW client software
- GPU Display Drivers for Windows
- L4T Jetson Products
- SHIELD TV, is not subjected to any hacks now.
But, their enterprise software like the Nsight Eclipse Edition, NetQ, and vGPU Software License Server is vulnerable to attacks. Well, updates for them to patch the Log4Shell are available too. For Nsight Eclipse Edition, Nvidia said the versions below 11.0 are at risk for CVE-2021-33228 and CVE-2021-45046, which can be fixed with the latest update.
For NetQ, the versions below 4.1.0 are vulnerable to CVE-2021-33228, CVE-2021-45046, and CVE-2021-45105 bugs, and a later version is available to save them. Finally, the vGPU Software License Server is subjected to CVE-2021-33228 and CVE-2021-45046 bugs, that can be patched with the latest version available.
Also, there’s a CUDA toolkit that has Log4j file in it but is not used. So Nvidia is pushing an update next month to remove them, to safeguard the users from unwanted risks.