Windows users with Nvidia graphics cards should update their display drivers immediately to patch several problematic (and potentially crash-inducing) bugs.
Nvidia’s recent security bulletin outlines thirteen major vulnerabilities; five affect Nvidia’s display drivers and eight are found in Nvidia’s vGPU software. While all thirteen are serious threats, the five display-driver bugs pose the biggest risks to regular users, as they affect all Windows and Linux PCs with an Nvidia GPU.
- CVE-2021-1074: 7.5 CVSS rating. Allows local attackers with physical access to your PC to manipulate the Nvidia installer. The attack could use this vulnerability to run malicious code being, steal your data, or execute a denial of service attack.
- CVE-2021-1075: 7.3 CVSS rating. A memory issue in Nvidia’s Windows display driver that leaves your PC open to various malware attacks and remote access.
- CVE-2021-1076: 6.6 CVSS rating. An issue in the Windows and Linux drivers that could let hackers access, steal, and/or corrupt your PC’s data and execute denial of service attacks.
- CVE-2021-1077: 6.6 CVSS rating. Another issue in both Windows and Linux drivers that could be used to launch denial of service attacks.
- CVE-2021-1078: 5.5 CVSS rating. An issue in the Windows drivers that could cause sudden PC crashes.
Nvidia pushed an emergency patch last week to fix these vulnerabilities. You can download the updated drivers through the GeForce experience app, or simply grab the installation file from Nvidia’s downloads page.
As for the eight vGPU software bugs, four are high-severity, with a 7.8 CVSS rating’ the others range from 5.1 to 7.5 CVSS threat levels. They allow for several possible outcomes, such as privilege-escalation attacks, arbitrary code execution, information disclosure, data tampering, denial of service attacks, memory corruption, and more. These are serious threats too, but only affect those licensing Nvidia’s vGPU software.
Leave a Reply
You must be logged in to post a comment.