Skip to main content
  1. Home
  2. Computing
  3. News

Nvidia warns owners of its GPUs about a dangerous security vulnerability

By

Nvidia is warning GPU owners to update their graphics card drivers after the company discovered several high-level security vulnerabilities. ThreatPost reports that Nvidia found bugs in its virtual GPU software and the display driver that’s required for the graphics card to function.

Nvidia has a table showing the drivers for its different product lines across Windows and Linux, but it doesn’t really matter. It seems GeForce, Quadro, and Tesla drivers are vulnerable across Windows and Linux, so it’s best to update your graphics driver regardless.

Recommended Videos

In total, the company revealed 13 security vulnerabilities, five through the GPU display driver and eight through the vGPU software. Most sit in between 7 and 8 on CVSS 3.1 (Common Vulnerability Scoring System), which is an open standard for rating security vulnerabilities on a scale of 1 to 10.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!
Privacy Policy

CVE‑2021‑1074 is one of the most pressing issues, with a base CVSS score of 7.5. This vulnerability shows up in the display driver installer, where an attacker with local system access can replace the installation files with malicious ones. On the other end, CVE‑2021‑1078 received a base score of 5.5, which shows a vulnerability in the kernel driver that could lead to a system crash.

Image used with permission by copyright holder

There’s also CVE‑2021‑1085 through the vGPU software (base score of 7.3), which opens the potential to write data to shared memory locations and manipulate it after validation. That could lead to escalation of privileges and denial of service.

Related

If you just have an Nvidia graphics card, you don’t need to worry about the vGPU vulnerabilities. The vGPU software is built for the data center, allowing operators to share graphics card power across several virtual machines. Nvidia recommends updating your graphics card driver through the Nvidia driver download page and the vGPU software through the Nvidia licensing portal (if you have access to it).

geforce rtx 3090
Image used with permission by copyright holder

The vulnerabilities highlight the importance of updating your software and drivers regularly. Earlier this year, Nvidia fixed several vulnerabilities in its display driver, and it continues to push updates whenever vulnerabilities show up. The current batch of problems may lead to malicious code execution (ransomware, etc.), escalation of privileges, data disclosure, data corruption, and/or denial of service, so you should update your GPU driver as soon as possible.

All of the issues come through software, so it doesn’t matter which graphics card you have. Even with a last-gen or older GPU — a likely situation given the ongoing graphics card shortage — you still need to update your driver.

Editors’ Recommendations

Topics
Jacob Roach
Jacob Roach
Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
Nvidia’s next-gen GPUs may be delayed due to ‘design flaws’
Nvidia introducing its Blackwell GPU architecture at GTC 2024.

Dark clouds are looming over the future of Nvidia's best graphics cards. According to a new report, Nvidia told some of its partners that it will be delaying its upcoming Blackwell GPUs, and is now aiming for an early 2025 release instead. Delays are one thing, but the cause is perhaps the most worrying part of it all -- design flaws. What does this mean for Nvidia's RTX 50-series?

This worrying report originates from The Information, which cites two sources who helped produce the Blackwell chip, as well as its server hardware. Bloomberg recounts that the chips may be delayed by over three months at this point. Nvidia is preparing B100 and B200 chips for some of the world's most prominent tech companies, including Meta, Google, and Microsoft, so these delays could hit pretty hard.

Read more
The U.S. government is investigating Nvidia over AI dominance
Nvidia CEO Jensen in front of a background.

Nvidia is the target of a new U.S. Department of Justice (DOJ) investigation. The DOJ is looking into Nvidia's dominance in the AI market through its graphics cards, and specifically looking at if it has leveraged its commanding lead over 80% of that market to lock out competitors from entering it, The Information reports.

On July 30, multiple U.S. groups urged the DOJ to launch an investigation into Nvidia, including democratic senator Elizabeth Warren. The letter to the DOJ cites Nvidia's command of 80% of all GPU chips in the world, and specifically its 98% dominance in the data center market. "Nvidia's size means it now holds control over the world's computing destiny, which gives it dangerous leverage over the global economy," the letter reads.

Read more
This toolkit just upended Nvidia’s dominance over pro GPUs
Nvidia introducing its Blackwell GPU architecture at GTC 2024.

Nvidia is the undisputed leader in professional GPU applications, and that doesn't come down solely to making the best graphics cards. A big piece of the puzzle is Nvidia's CUDA platform, which is the bedrock for everything from Blender to various AI applications. The new Scale tool, developed by Spectral Compute, aims to break down the walled garden.

Although we've seen competitors to the CUDA software stack, such as AMD ROCm, Scale is a "drop-in replacement" for CUDA. It's a compiler that allows CUDA applications to be natively compiled on AMD GPUs. Spectral Compute says Scale accepts CUDA programs as is, without the need to port to another language. In Spectral's own words, "... existing build tools and scripts just work."

Read more