Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
NVIDIA fixes high severity flaws affecting Windows, Linux devices
NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software.

The vulnerabilities expose Windows and Linux machines to attacks leading to denial of service, escalation of privileges, data tampering, or information disclosure.

All these security bugs require local user access, which means that potential attackers will first have to gain access to vulnerable devices using an additional attack vector.

Eleven high severity vulnerabilities patched

Following successful exploitation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones granted by the OS.

They can also be exploited to render machines running vulnerable drivers or software temporarily unusable by triggering denial-of-service states or to gain access to otherwise unobtainable information.

NVIDIA has addressed the security issues in all affected software products and platforms with the exception of those tracked as CVE‑2021‑1052, CVE‑2021‑1053, and  CVE‑2021‑1056 impacting the Linux GPU Display Driver for Tesla GPUs which will receive an update driver version starting with January 18, 2021.

The bugs come with CVSS V3 base scores ranging from 5.3 to 8.4, with11 of them having received a high-risk assessment from NVIDIA.

NVIDIA's security bulletin says that the "risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation."

The company also advises consulting an IT or security professional to correctly evaluate the risk these vulnerabilities pose to your specific system configuration.

The full list of security flaws addressed by NVIDIA this month is available in the January 2021 Security Bulletin.

Some driver versions available via hardware vendors

NVIDIA recommends customers to update their GeForce, NVIDIA RTX, Quadro, NVS, and Tesla GPU display drivers, as well as Virtual GPU Manager and guest driver software using the security updates available on the NVIDIA Driver Downloads page.

The company also says that some customers who will not patch the flaws manually may also receive security updates bundled with Windows GPU display driver 460.84, 457.49, and 452.66 versions from their computer hardware vendors.

Enterprise NVIDIA vGPU software users have to log into NVIDIA's Enterprise Application Hub to get the updates through the NVIDIA Licensing Center.


Possibly Related Threads…
Thread Author Replies Views Last Post
  QBot phishing uses Windows Calculator sideloading to infect devices mrtrout 0 331 07-25-2022 , 01:25 AM
Last Post: mrtrout
  Firefox 98.0.2 fixes a crash on Windows, an add-ons issue, and more Mohammad.Poorya 0 1,217 03-23-2022 , 03:09 PM
Last Post: Mohammad.Poorya
  VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products mrtrout 0 236 01-06-2022 , 07:26 PM
Last Post: mrtrout
  Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws mrtrout 0 255 11-09-2021 , 10:20 PM
Last Post: mrtrout
  Harris Federation hit by ransomware attack affecting 50 schools Bjyda 0 533 03-30-2021 , 03:57 PM
Last Post: Bjyda

Forum Jump:

Users browsing this thread: 1 Guest(s)