Happy New Year! Nvidia has released new security patches for its Windows and Linux graphics drivers and vGPU software.
These flaws "could lead to denial of service, privilege escalation, data tampering, or information disclosure," Nvidia said in a security bulletin released yesterday (January 7).
In layman's terms, this means that an attacker may be able to stop a graphics card from working, take control of a PC, modify files, or steal sensitive data.
On the bright side, exploiting any of these flaws requires local access to the PC or Linux box. In other words, for the attack to be successful, the attacker must be using that computer or perhaps another computer on the local network. [The technical details of each flaw are beyond the scope of this article, but can be read in a handy chart posted by Nvidia in its Security Bulletin.
Users of Nvidia consumer graphics cards with the GeForce Experience desktop application installed will be prompted to install the update. (Windows users of Nvidia GeForce cards will be updated to driver version 461.09.
If you do not have GeForce Experience installed, or if the update does not materialize, you can obtain the patch directly from Nvidia Driver Downloads, as long as you know the type of graphics card you have.13]
Alternatively, in its security bulletin, Nvidia notes that "computer hardware vendors may have provided Windows GPU display drivers such as 460.84, 457.49, and 452.66 that contain security updates."
It has been pointed out that "Linux users may be receiving security updates for their Windows GPUs.
Linux users may be able to obtain patches through daily software updates. If not, Nvidia Driver Downloads can provide patches.
Nvidia has been in the news recently because of the extreme difficulty in finding new generation GeForce graphics cards such as the RTX 3060 Ti, RTX 3070, RTX 3080, and the $1500 RTX 3090. Supply is so scarce and demand so high that the price of Nvidia's previous generation GPUs, the RTX 20 series, has doubled. The defects that are being patched affect drivers for all of these cards. [10 of the 16 defects affect only Nvidia's vGPU software, which allows multiple virtual machines (software-only computers running inside other computers) to access a single graphics card. This type of setup is primarily done in corporate environments, not consumer environments.
In 2020, Nvidia released at least three security patches for graphics drivers and desktop software. This is not a bad sign because all software has flaws and this steady stream of fixes shows that Nvidia is on top of things.
Comments