Nvidia Patch 12 Serious Security Flaws — What To Do Now

Nvidia Patch 12 Serious Security Flaws — What To Do Now

Nvidia is asking that graphics card drivers be patched due to the existence of 12 serious security vulnerabilities affecting Nvidia software for Windows and Linux.

According to an Nvidia security bulletin posted yesterday (June 24), these flaws "could lead to denial of service, privilege escalation, or information disclosure." It also mentions "code execution."

In other words, Nvidia's software could just stop working, or could be exploited by malware already on the machine to gain administrative privileges, steal personal or sensitive information, or run more malware.

However, these vulnerabilities cannot be exploited from outside the local network, so an attacker would need to be on or near the machine to take advantage of these flaws.

Five of the flaws affect Nvidia GeForce software for Windows, which must be updated to version 451.48. GeForce software for Linux is affected by two vulnerabilities, one of the five Windows vulnerabilities and the Linux software should be updated to version 450.51. The same vulnerability also affects professional Quadro, NVS, and Tesla drivers.

Six other flaws affect Nvidia's virtual GPU software for virtual machines in enterprise environments.

To update the driver, simply make sure you are logged in as a system administrator (default for most versions of Windows and Linux), open the GeForce interface, and click the Drivers button in the upper left corner. Linux Some distributions package driver updates together with regular software updates.

Alternatively, you can go to Nvidia's Driver Downloads page, plug in your product and system information, and download and install the driver manually.

This is a larger batch of flaws than the previous Nvidia security update that included two vulnerabilities in March 2020.

Categories