Skip to main content

Nvidia warns owners of its GPUs about a dangerous security vulnerability

Nvidia is warning GPU owners to update their graphics card drivers after the company discovered several high-level security vulnerabilities. ThreatPost reports that Nvidia found bugs in its virtual GPU software and the display driver that’s required for the graphics card to function.

Nvidia has a table showing the drivers for its different product lines across Windows and Linux, but it doesn’t really matter. It seems GeForce, Quadro, and Tesla drivers are vulnerable across Windows and Linux, so it’s best to update your graphics driver regardless.

In total, the company revealed 13 security vulnerabilities, five through the GPU display driver and eight through the vGPU software. Most sit in between 7 and 8 on CVSS 3.1 (Common Vulnerability Scoring System), which is an open standard for rating security vulnerabilities on a scale of 1 to 10.

CVE‑2021‑1074 is one of the most pressing issues, with a base CVSS score of 7.5. This vulnerability shows up in the display driver installer, where an attacker with local system access can replace the installation files with malicious ones. On the other end, CVE‑2021‑1078 received a base score of 5.5, which shows a vulnerability in the kernel driver that could lead to a system crash.

Image used with permission by copyright holder

There’s also CVE‑2021‑1085 through the vGPU software (base score of 7.3), which opens the potential to write data to shared memory locations and manipulate it after validation. That could lead to escalation of privileges and denial of service.

If you just have an Nvidia graphics card, you don’t need to worry about the vGPU vulnerabilities. The vGPU software is built for the data center, allowing operators to share graphics card power across several virtual machines. Nvidia recommends updating your graphics card driver through the Nvidia driver download page and the vGPU software through the Nvidia licensing portal (if you have access to it).

geforce rtx 3090
Image used with permission by copyright holder

The vulnerabilities highlight the importance of updating your software and drivers regularly. Earlier this year, Nvidia fixed several vulnerabilities in its display driver, and it continues to push updates whenever vulnerabilities show up. The current batch of problems may lead to malicious code execution (ransomware, etc.), escalation of privileges, data disclosure, data corruption, and/or denial of service, so you should update your GPU driver as soon as possible.

All of the issues come through software, so it doesn’t matter which graphics card you have. Even with a last-gen or older GPU — a likely situation given the ongoing graphics card shortage — you still need to update your driver.

Editors' Recommendations

Jacob Roach
Senior Staff Writer, Computing
Jacob Roach is a writer covering computing and gaming at Digital Trends. After realizing Crysis wouldn't run on a laptop, he…
Nvidia’s AI-driven game characters are getting toxic
Nvidia CEO delivering a keynote at Computex.

Nvidia ACE, the tool that's meant to transform games with generative AI, is evolving, and Nvidia has just revealed an interesting update to it. It turns out that developers won't just be able to utilize ACE to create fully-interactive characters, complete with dialogue and facial expressions, but they'll also be able to use Nvidia's new NeMo SteerLM technology to adapt these characters' personalities.

Nvidia initially announced its ACE tool earlier this year, keeping the details pretty scarce. ACE is something like ChatGPT for games, meant to make it easier for game developers to create characters with fully-developed backstories, adding more depth to the way they interact with players.

Read more
Why I leave Nvidia’s game-changing tech off in most games
Ratchet and Clank Rift Apart running on the Samsung Odyssey OLED G8.

Nvidia's most recent graphics cards have increasingly relied on Deep Learning Super Sampling (DLSS) 3 to find their value. GPUs like the RTX 4070 Ti and RTX 4060 Ti aren't impressive on their own, but factor DLSS 3 into the buying decision, and they start to become attractive. If you look at Nvidia's overall strategy for this generation of chips, it looks like the company has started selling DLSS, not graphics cards.

It's not hard to see why DLSS 3 is so important. It makes the impossible possible, like path tracing in Cyberpunk 2077, and it helps multiply frame rates far beyond what should be possible in games like Portal RTX. But now that we finally have DLSS 3 in more games and the party trick status has faded away, I've left Frame Generation off in most games. Here's why.
How DLSS 3 works

Read more
What is Nvidia DLAA? New anti-aliasing technology explained
Marvel's Spider-Man running on the Samsung Odyssey OLED G8.

After revealing the feature nearly two years ago, Nvidia's DLAA has slowly worked its way into a long list of games including Diablo IV, Baldur's Gate 3, and Marvel's Spider-Man. It's an AI-driven anti-aliasing feature exclusive to Nvidia's RTX graphics cards, and we're going to help you understand what it is and how it works.

At a high level, DLAA works on the same tech as Nvidia's wildly popular DLSS, but with much different results. It helps improve the final quality of the image in games, rather than reducing the quality to improve performance.
What is Nvidia DLAA?

Read more