Skip to main content

Nvidia warns owners of its GPUs about a dangerous security vulnerability

Nvidia is warning GPU owners to update their graphics card drivers after the company discovered several high-level security vulnerabilities. ThreatPost reports that Nvidia found bugs in its virtual GPU software and the display driver that’s required for the graphics card to function.

Nvidia has a table showing the drivers for its different product lines across Windows and Linux, but it doesn’t really matter. It seems GeForce, Quadro, and Tesla drivers are vulnerable across Windows and Linux, so it’s best to update your graphics driver regardless.

In total, the company revealed 13 security vulnerabilities, five through the GPU display driver and eight through the vGPU software. Most sit in between 7 and 8 on CVSS 3.1 (Common Vulnerability Scoring System), which is an open standard for rating security vulnerabilities on a scale of 1 to 10.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!

CVE‑2021‑1074 is one of the most pressing issues, with a base CVSS score of 7.5. This vulnerability shows up in the display driver installer, where an attacker with local system access can replace the installation files with malicious ones. On the other end, CVE‑2021‑1078 received a base score of 5.5, which shows a vulnerability in the kernel driver that could lead to a system crash.

Image used with permission by copyright holder

There’s also CVE‑2021‑1085 through the vGPU software (base score of 7.3), which opens the potential to write data to shared memory locations and manipulate it after validation. That could lead to escalation of privileges and denial of service.

If you just have an Nvidia graphics card, you don’t need to worry about the vGPU vulnerabilities. The vGPU software is built for the data center, allowing operators to share graphics card power across several virtual machines. Nvidia recommends updating your graphics card driver through the Nvidia driver download page and the vGPU software through the Nvidia licensing portal (if you have access to it).

geforce rtx 3090
Image used with permission by copyright holder

The vulnerabilities highlight the importance of updating your software and drivers regularly. Earlier this year, Nvidia fixed several vulnerabilities in its display driver, and it continues to push updates whenever vulnerabilities show up. The current batch of problems may lead to malicious code execution (ransomware, etc.), escalation of privileges, data disclosure, data corruption, and/or denial of service, so you should update your GPU driver as soon as possible.

All of the issues come through software, so it doesn’t matter which graphics card you have. Even with a last-gen or older GPU — a likely situation given the ongoing graphics card shortage — you still need to update your driver.

Editors' Recommendations

Jacob Roach
Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
Nvidia is replacing its crusty, Windows XP-era app with something much better
A screenshot of the Nvidia app.

Nvidia's latest announcement is one that many of us have been waiting for. The company is releasing a new software solution that will, hopefully, one day replace the Nvidia Control Panel and GeForce Experience. Dubbed simply "Nvidia App," the software is now in beta and is available for testing.

Those of us who own some of Nvidia's top GPUs (or even some of the worst ones) are forced to use the Nvidia Control Panel for tuning things like display settings, game performance, and monitor refresh rates. Meanwhile, GeForce Experience optimizes game settings and provides an in-game overlay that can be used for things like recording bits of your gameplay. The lack of a unified app can get confusing and annoying to those who aren't familiar with it.

Read more
Why I’m feeling hopeful about Nvidia’s RTX 50-series GPUs
The RTX 4070 Super on a pink background.

I won't lie -- I was pretty scared of Nvidia's RTX 50-series, and I stand by the opinion that those fears were valid. They didn't come out of thin air; they were fueled by Nvidia's approach to GPU pricing and value for the money.

However, the RTX 40 Super refresh is a step in the right direction, and it's one I never expected to happen. Nvidia's most recent choices show that it may have learned an important lesson, and that's good news for future generations of graphics cards.
The price of performance
Nvidia really didn't hold back in the RTX 40 series. It introduced some of the best graphics cards we've seen in a while, but raw performance isn't the only thing to consider when estimating the value of a GPU. The price is the second major factor and weighing it against performance can often tip the scales from "great" to "disappointing." That was the case with several GPUs in the Ada generation.

Read more
CableMod’s adapters damaged up to $74K worth of Nvidia GPUs
Melted 12VHPWR connector made by CableMod for the RTX 4090.

CableMod's adapters were meant to fix the problem of melting connectors on Nvidia's top GPU, the RTX 4090, but it appears that things didn't go as planned. The Consumer Product Safety Commission has posted a notice that the CableMod 12VHPWR angled adapters are being recalled due to fire and burn hazards. More than 25,300 adapters are to be returned, and the affected customers are eligible for a full refund.

The connectors on the RTX 4090 have been melting ever since the GPU hit the shelves in late 2022, and so far, the only fix seems to lie in careful installation and picking the right PC case that can accommodate this monstrous card. CableMod's angled adapters showed a lot of promise, at least initially. Seeing as bending the cable can contribute to the overheating, an angled adapter should have been just the fix -- but unfortunately, the melting continued, even with the use of CableMod's solution.

Read more