Skip to main content
  1. Home
  2. Computing
  3. News

Nvidia warns owners of its GPUs about a dangerous security vulnerability

By

Nvidia is warning GPU owners to update their graphics card drivers after the company discovered several high-level security vulnerabilities. ThreatPost reports that Nvidia found bugs in its virtual GPU software and the display driver that’s required for the graphics card to function.

Nvidia has a table showing the drivers for its different product lines across Windows and Linux, but it doesn’t really matter. It seems GeForce, Quadro, and Tesla drivers are vulnerable across Windows and Linux, so it’s best to update your graphics driver regardless.

Recommended Videos

In total, the company revealed 13 security vulnerabilities, five through the GPU display driver and eight through the vGPU software. Most sit in between 7 and 8 on CVSS 3.1 (Common Vulnerability Scoring System), which is an open standard for rating security vulnerabilities on a scale of 1 to 10.

Related

CVE‑2021‑1074 is one of the most pressing issues, with a base CVSS score of 7.5. This vulnerability shows up in the display driver installer, where an attacker with local system access can replace the installation files with malicious ones. On the other end, CVE‑2021‑1078 received a base score of 5.5, which shows a vulnerability in the kernel driver that could lead to a system crash.

There’s also CVE‑2021‑1085 through the vGPU software (base score of 7.3), which opens the potential to write data to shared memory locations and manipulate it after validation. That could lead to escalation of privileges and denial of service.

If you just have an Nvidia graphics card, you don’t need to worry about the vGPU vulnerabilities. The vGPU software is built for the data center, allowing operators to share graphics card power across several virtual machines. Nvidia recommends updating your graphics card driver through the Nvidia driver download page and the vGPU software through the Nvidia licensing portal (if you have access to it).

geforce rtx 3090

The vulnerabilities highlight the importance of updating your software and drivers regularly. Earlier this year, Nvidia fixed several vulnerabilities in its display driver, and it continues to push updates whenever vulnerabilities show up. The current batch of problems may lead to malicious code execution (ransomware, etc.), escalation of privileges, data disclosure, data corruption, and/or denial of service, so you should update your GPU driver as soon as possible.

All of the issues come through software, so it doesn’t matter which graphics card you have. Even with a last-gen or older GPU — a likely situation given the ongoing graphics card shortage — you still need to update your driver.

Editors' Recommendations

Topics
Jacob Roach
Jacob Roach
Senior Staff Writer, Computing
Jacob Roach is a writer covering computing and gaming at Digital Trends. After realizing Crysis wouldn't run on a laptop, he…
AMD might crush Nvidia with its laptop GPUs — but it’s silent on the desktop front
A woman sits by a desk and plays a game on a laptop equipped with an AMD processor.

AMD's graphics card lineup for laptops is on the way, and by the sound of it, it's shaping up to be pretty exciting -- and it's already bigger than Team Red's current desktop range.

According to a recent leak, AMD may even be able to rival Nvidia's best desktop GPUs with its Navi 32 cards. But where are the desktop equivalents?

Read more
Nvidia defies pushback, defends 8GB of VRAM in recent GPUs
RTX 4060 Ti sitting on a pink background.

Nvidia's CEO Jensen Huang is defending the recently-launched RTX 4060 Ti, and in particular, its 8GB of VRAM. The executive spoke about gaming and recent GPU releases in a roundtable interview with reporters at Computex 2023, where he faced questions about the limited VRAM on Nvidia's most recent GPU.

PCWorld shared a quote in which Huang defended the 8GB of VRAM and told gamers to focus more on how that VRAM is managed: "Remember the frame buffer is not the memory of the computer -- it is a cache. And how you manage the cache is a big deal. It is like any other cache. And yes, the bigger the cache is, the better. However, you’re trading off against so many things."

Read more
Nvidia’s supercomputer may bring on a new era of ChatGPT
Nvidia's CEO showing off the company's Grace Hopper computer.

Nvidia has just announced a new supercomputer that may change the future of AI. The DGX GH200, equipped with nearly 500 times more memory than the systems we're familiar with now, will soon fall into the hands of Google, Meta, and Microsoft.

The goal? Revolutionizing generative AI, recommender systems, and data processing on a scale we've never seen before. Are language models like GPT going to benefit, and what will that mean for regular users?

Read more