Nvidia fixes eight critical vulnerabilities

Graphics processor developers offer protection against vulnerabilities found on Windows and Linux systems

Nvidia, a company specializing in the development of graphic processing units, has included an unusual feature in its new releases: protection against eight vulnerabilities that could be used to deploy some cyberattack variants, as mentioned by network security and ethical hacking experts from the International Institute of Cyber Security.

In a blog post, the company reported on its decision to provide protection against the exploitation of some vulnerabilities, which vary in scope. According to network security experts, these vulnerabilities could allow malicious hackers to enable remote code execution, escalation of privileges, and even generate denial of service (DDoS) conditions. These vulnerabilities are found on Windows, Linux, and Solaris operating systems.

One of the reported vulnerabilities, tracked as CVE-2018-6260, allows attacks similar to the well-known Spectre and Meltdown, mentioned experts in network security; however, this flaw has not been considered critical because it is not exploitable remotely. According to Nvidia, it is necessary to perform some additional actions to completely correct this vulnerability in Windows and Linux operating systems.

All vulnerabilities have already been evaluated according to the Common vulnerability Scoring System; while the vulnerabilities considered minor received scores of 3/10, the most severe ones was scored with 8.8/10. The company mentions that there are no known ways to mitigate risks, so it requires the new Nvidia drivers to correct the errors.

Nvidia emphasizes that it is very important to install these versions, even without all the updates that invite people to update their graphics configurations. These new drivers are available through the Nvidia website.