Nvidia has patched a number of security vulnerabilities in its GPU Display and CUDA drivers as well as its Virtual GPU Manager software.
While these flaws require local user access, if exploited they could lead to code execution, denial of service, escalation of privileges and information disclosure on systems running Windows and Linux.
In total, Nvidia patched six vulnerabilities in its GPU Display driver and six vulnerabilities in its vGPU software and in its security bulletin (opens in new tab), the company lists the bugs with CVSS V3 base scores ranging from 4.4 to 7.8.
- Nvidia just made a huge leap in supercomputing power
- Nvidia makes Linux push with Cumulus Networks deal
- These are the best Nvidia graphics cards available now
Thankfully though, “the NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation”, according to Nvidia's security bulletin. The company also recommends that users consult an IT or security professional to accurately evaluate the risk of their specific system configuration.
Display driver and vGPU vulnerabilities
Nvidia is encouraging users to update their GeForce, Quadro, NVS and Tesla Windows GPU display drivers as well as their Virtual GPU Manager and guest driver software. To do so, you can apply the security updates available on the company's Driver Downloads page (opens in new tab).
For users that fail to patch these vulnerabilities manually, Nvidia says that they may also receive the Windows GPU display driver version 451.55, 446.06 and 443.18 from their computer hardware vendors, which also includes its latest security updates.
Enterprise users of Nvidia's vGPU software will need to log in to the Nvidia Enterprise Application Hub (opens in new tab) to download the updates through the Nvidia Licensing Center.
- Also check out our complete list of the best antivirus software
Via BleepingComputer (opens in new tab)