Nvidia has revealed several worrying security issues in its graphics card drivers, and is strongly recommending anyone with one of its GPUs to update its drivers as soon as possible.
As ThreatPost reports (opens in new tab), there are five driver security bugs that all score highly in the CVSS vulnerability scale.
- Where to buy the RTX 3080
- These are the best graphics cards of 2021
- These are the best antivirus tools
The most dangerous of the security bugs that Nvidia has acknowledged (opens in new tab) appears to be CVE-2021-1074, which is 7.5 out of 10 on the CVSS scale. This bug was found in the Nvidia driver’s installer, and could allow an attacker with physical access to swap out an application resource with malicious files. This could lead to malicious code being run, a denial of service attack, or personal information being stolen.
Meanwhile, CVE-2021-1075 is another high severity bug (scoring 7.3 on the CVSS scale), and resides in the nvlddmkm.sys handler for DxgkDdiEscape. As ThreatPost explains, “the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges.”
CVE-2021-1076 is a medium-severity bug found in the Nvidia GPU Display Driver for Windows and Linux’s kernel mode layer, where malicious users can exploit improper access control (opens in new tab) to launch denial of service, information theft or data corruption attacks.
CVE-2021-1077 is a medium-level risk in the Windows and Linux drivers, where the driver “uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.”
There is also another medium-severity bug, CVE-2021-1078, which was found in all versions of the Windows Nvidia Driver, and again affected the kernel – this time a NULL pointer deference could lead to the PC crashing.
If that’s not bad enough, Nvidia also revealed eight software vulnerabilities in its vGPU software – and these affect workstations and artificial intelligence workloads, and are all medium to high levels of severity.
What you should do
Nvidia has been quick to release driver updates to fix these vulnerabilities, and they should be installed as soon as possible, either though the Nvidia Driver Downloads page (opens in new tab) or via the GeForce Experience app if you have it installed.
Check out our guide on how to update and install the latest Nvidia graphics drivers for more help.
The amount and severity of these security bugs is certainly troubling, and we’ve contacted Nvidia for comment.
- These are the best laptops of 2021