Krenum
Fully [H]
- Joined
- Apr 29, 2005
- Messages
- 19,193
https://www.techradar.com/news/nvid...ers-right-now-due-to-severe-security-problems
Nvidia has revealed several worrying security issues in its graphics card drivers, and is strongly recommending anyone with one of its GPUs to update its drivers as soon as possible.
As ThreatPost reports, there are five driver security bugs that all score highly in the CVSS vulnerability scale".
The most dangerous of the security bugs that Nvidia has acknowledged appears to be CVE-2021-1074, which is 7.5 out of 10 on the CVSS scale. This bug was found in the Nvidia driver’s installer, and could allow an attacker with physical access to swap out an application resource with malicious files. This could lead to malicious code being run, a denial of service attack, or personal information being stolen.
Meanwhile, CVE-2021-1075 is another high severity bug (scoring 7.3 on the CVSS scale), and resides in the nvlddmkm.sys handler for DxgkDdiEscape. As ThreatPost explains, “the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges.”
Furthermore,
CVE-2021-1076 is a medium-severity bug found in the Nvidia GPU Display Driver for Windows and Linux’s kernel mode layer, where malicious users can exploit improper access control to launch denial of service, information theft or data corruption attacks.
CVE-2021-1077 is a medium-level risk in the Windows and Linux drivers, where the driver “uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.”
There is also another medium-severity bug, CVE-2021-1078, which was found in all versions of the Windows Nvidia Driver, and again affected the kernel – this time a NULL pointer deference could lead to the PC crashing.
If that’s not bad enough, Nvidia also revealed eight software vulnerabilities in its vGPU software – and these affect workstations and artificial intelligence workloads, and are all medium to high levels of severity.
Nvidia has revealed several worrying security issues in its graphics card drivers, and is strongly recommending anyone with one of its GPUs to update its drivers as soon as possible.
As ThreatPost reports, there are five driver security bugs that all score highly in the CVSS vulnerability scale".
The most dangerous of the security bugs that Nvidia has acknowledged appears to be CVE-2021-1074, which is 7.5 out of 10 on the CVSS scale. This bug was found in the Nvidia driver’s installer, and could allow an attacker with physical access to swap out an application resource with malicious files. This could lead to malicious code being run, a denial of service attack, or personal information being stolen.
Meanwhile, CVE-2021-1075 is another high severity bug (scoring 7.3 on the CVSS scale), and resides in the nvlddmkm.sys handler for DxgkDdiEscape. As ThreatPost explains, “the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges.”
Furthermore,
CVE-2021-1076 is a medium-severity bug found in the Nvidia GPU Display Driver for Windows and Linux’s kernel mode layer, where malicious users can exploit improper access control to launch denial of service, information theft or data corruption attacks.
CVE-2021-1077 is a medium-level risk in the Windows and Linux drivers, where the driver “uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.”
There is also another medium-severity bug, CVE-2021-1078, which was found in all versions of the Windows Nvidia Driver, and again affected the kernel – this time a NULL pointer deference could lead to the PC crashing.
If that’s not bad enough, Nvidia also revealed eight software vulnerabilities in its vGPU software – and these affect workstations and artificial intelligence workloads, and are all medium to high levels of severity.