Nvidia has an impressive lineup of graphics cards that power up machines for extreme processing of data such as during gaming or bitcoin mining and so on. Nvidia has warned GPU owners of potential threats after discovering several high-level security vulnerabilities with its graphics cards.
Nvidia warns users to update their GPU cards to the latest software patch
According to the statement released by Nvidia, these vulnerabilities affect both virtual GPU software and the display driver on GPU cards required for its proper functioning. This has affected Tesla, Quadro, and GeForce drivers alike across both Linux and Windows and the graphics card maker has asked users to update the software regardless of the lineup or model.
Nvidia has discovered 13 security vulnerabilities on Nvidia graphics cards with CVSS 3.1 levels between 7 and 8. CVSS is an open standard metric used to rate security vulnerabilities on a scale of 1 to 10.
The CVE-2021-1074 is one of the vulnerable with a score of 7.5 on the CVSS scale. The bug was found in the Nvidia driver’s installer as it can allow attackers to swap out application resources and install malicious files if they have physical access to the graphics card. This could cause several issues including stolen personal information, denial of service attack, malicious code being run, and so on.
Another vulnerability is tagged as CVE-2021-1078 with a CVSS score of 5.5 that causes issues with the kernel driver causing the system to crash. There’s a mention of CVE-2021-1085 with a base score of 7.3 found in the virtual GPU software that could allow attackers to write data into the shared memory location. They can manipulate it and cause a series of ill-effects including denial of services and escalation of privileges.
Nvidia has asked GPU users to update the graphics card drivers via the Nvidia driver download page. On the other hand, users can go to the Nvidia licensing portal to update the vGPU software. This explains why it is crucial to keep systems updated. Nvidia keeps the vulnerabilities in check and pushes updates when it discovers vulnerabilities that could cause a myriad of ill-effects.