Critical vulnerabilities in NVIDIA; update as soon as possible

NVIDIA security teams announced the release of a set of updates for their GPU display drivers and vGPU software, correcting a total of 16 security flaws. Six of the reported vulnerabilities are present in the GPU display driver: three flaws affect only Windows systems, one flaw affects all Linux systems, and the last two flaws affect both Linux and Windows.

According to the report, the most serious of the flaws found, identified as CVE-2021-1051, is a problem in the GPU driver for Windows that could lead to a denial of service (DoS) condition or privilege escalation attacks. The vulnerability received a score of 8.4/10 according to the Common Vulnerability Scoring System (CVSS).

Another dangerous flaw lies in the NVIDIA driver for Windows and Linux whose exploitation could lead to privileged users accessing the API with administrator privileges. The flaw received a score of 7.8/10.

DoS attacks are a recurring topic in this report, as the next vulnerabilities listed (CVE-2021-1053 and CVE-2021-1054) also lead to this scenario. While the first flaw affects Windows and Linux systems, the latter only affects Windows systems.

All other reported errors affect the NVIDIA administrator vGPU plugin and could lead to loss of integrity and confidentiality, data modification, and disclosure of potentially sensitive information. These flaws received CVSS scores below 5.5/10.

The developers released the necessary updates to address the flaws in the GeForce, NVIDIA RTX/Quadro and NVS display drivers for Windows and Linux systems. Tesla drivers for Windows are also being updated, with those patches to be released in the coming weeks.

The announcement also mentions the release of patches for vGPU software for Windows and Linux, and for vGPU software for Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM and Nutanix AHV.