Skip to main content

Nvidia has patched several serious security flaws affecting Windows and Linux devices

Nvidia Bulding
(Image credit: Shutterstock)

Nvidia has patched a number of security flaws in its GPU display drivers for Windows and Linux as well as its Nvidia Virtual GPU (vGPU) management software.

In total, the company's latest security update addresses six vulnerabilities in its display drivers and 10 security flaws that affect its vGPU management software. If exploited these vulnerabilities could lead to denial of service, escalation of privileges, data tampering or information disclosure on unpatched Windows and Linux systems.

Successful exploitation would allow an attacker to escalate privileges or to render machines running vulnerable drivers or software temporarily unusable by triggering a denial of service state.

Thankfully though, exploiting these bugs will be difficult as they all require local user access which means that a potential attacker would first need to gain access to a user's device using another method.

Display driver and vGPU vulnerabilities

Users with a Nvidia GPU should download the latest software update from the Nvidia Driver Downloads page to patch these vulnerabilities now.

According to Nvidia, customers that fail to patch these flaws manually may receive security updates that are bundled with Windows GPU display driver versions 460.84, 457.49 and 452.66 from their laptop or desktop hardware vendors.

Enterprise users looking to update Nvidia's vGPU software will need to log into Nvidia's Enterprise Application Hub in order to get the latest updates through the Nvidia Licensing Center.

Nvidia has fixed the issues in all of its display drivers and software with the exception of three vulnerabilities, tracked as CVE-2021-1052, CVE-2021-1053, and CVE-2021-1056, that impact the Linux GPU Display Driver for Tesla GPUs. These vulnerabilities will receive an updated driver version later this month.

Interested users can see the full list of security flaws addressed by Nvidia in the company's January 2021 Security Bulletin.

Via BleepingComputer