Published in PC Hardware

Nvidia patches 16 security holes

by on11 January 2021

Although the holes were rather small we had to count them all

The GPU maker named after a Roman vengence daemon, Nvidia, has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the Nvidia Virtual GPU (vGPU) management software.

The vulnerabilities expose Windows and Linux machines to attacks leading to denial of service, escalation of privileges, data tampering, information disclosure and black death (we made the last one up).

All these security bugs require local user access, which means that potential attackers will first have to gain access to vulnerable devices using an additional attack vector.

Exploitation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones granted by the OS.

They can be exploited to render machines running vulnerable drivers or software temporarily unusable by triggering denial-of-service states or to gain access to otherwise unobtainable information.

Nvidia has addressed the security issues in all affected software products and platforms with the exception of those tracked as CVE‑2021‑1052, CVE‑2021‑1053, and CVE‑2021‑1056 impacting the Linux GPU Display Driver for Tesla GPUs which will receive an update driver version starting with January 18, 2021.

The bugs come with CVSS V3 base scores ranging from 5.3 to 8.4, with11 of them having received a high-risk assessment from NVIDIA.

Nvidia's security bulletin says that the "risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation".

Nvidia recommends customers to update their GeForce, Nvidia RTX, Quadro, NVS, and Tesla GPU display drivers, as well as Virtual GPU Manager and guest driver software using the security updates available on the Nvidia Driver Downloads page.

The company says that some customers who will not patch the flaws manually may also receive security updates bundled with Windows GPU display driver 460.84, 457.49, and 452.66 versions from their computer hardware vendors.


Last modified on 11 January 2021
Rate this item
(0 votes)

Read more about: