Nvidia is warning GPU owners to update their graphics card drivers after discovering several high-level security vulnerabilities from the company. ThroatPost reports that Nvidia found bugs in its virtual GPU software and the display driver needed to perform the graphics driver function.
Nvidia has a table that shows drivers for its various product lines on Windows and Linux, but it doesn’t really matter. It seems that GeForce, Quadro, and Tesla drivers are weak in Windows and Linux, so it’s best to update your graphics driver.
In total, the company revealed 13 security vulnerabilities, five via the GPU display driver and eight via the VGPU software. Most sit between 7 and 8 on CVSS 3.1 (Common Vulnerability Scoring System), an open standard for rating security vulnerabilities on a scale of 1 to 10.
CVE most 2021‑1074 is one of the most pressing issues, based on CVSS 7.5. This vulnerability is reflected in the display driver installer, where an attacker with local system access can replace installation files with malicious ones. On the other end, CVE – 2021 other1078 achieved a base score of 5.5, indicating a vulnerability in the kernel driver that could cause a system crash.
There is also CVE – 2021‑1085 via VGPU software (base score of 7.3), which opens the ability to write data to shared memory locations and manipulate it after verification. Which can be denied privilege and service.
If you simply have an Nvidia graphics card, then you don’t have to worry about VGPU vulnerabilities. The VGPU software is designed for data centers, allowing operators to share graphics card power across multiple virtual machines. Nvidia recommends updating your graphics card driver via the Nvidia license downloading portal and the Nvidia driver download page (via the VGPU software) (if you have access to it).
Weaknesses highlight the importance of regularly updating your software and drivers. Earlier this year, Nvidia fixed a number of vulnerabilities in its display driver, and it carried the update whenever vulnerabilities appeared. The current batch of problems can lead to malicious code execution (ransomware, etc.), escalation of privileges, data disclosure, data corruption and / or service deprivation, so you should update your GPU driver as soon as possible.
All issues come via software, so it doesn’t matter which graphics card you have. Even with a last-gen or older GPU – a possible situation given the lack of a running graphics card – you still need to update your driver.