For those using Nvidia GPUs, graphics card manufacturers are recommending that drivers be updated immediately. These bugs affect both consumer GPUs and enterprise customers.
The first bug you need to be aware of is CVE-2021-1074. This bug allows a malicious attacker to replace the contents of an application with a compromised file. This attacker must first gain access to the local system, and then another attack must break into the local system. As a result of this bug, a malicious person could be able to do many things on your computer. [The second bug, CVE-2021-1075, details a kernel-mode layer issue. Interestingly, this is not the first time this has been an issue for Nvidia; Google's Project Zero noted that the DxgkDdiEscape interface is vulnerable to attack. The bug could leak system information, allow an attacker to execute code, or lock you out of your own computer.
Bugs CVE-2021-1076 and 1077 are both vulnerable in the kernel model layer. Bug 1076 allows an attacker to corrupt data, render a machine unusable, or leak information.
These bugs seem to be present in most Nvidia drivers and may cause problems for those with older cards that are no longer updated; in the 1077 driver, both Nvidia's R450 and R460 branches are affected, and this bug can may lead to a denial of service.
The last bug is ranked as the least serious, but CVE-2021-1078 can cause computers to crash if a vulnerability in the kernel driver nvlddmkm.sys is attacked. This is more of an inconvenience than a serious problem, but annoying nonetheless.
Most people will keep their graphics drivers up-to-date. However, if you continue to use older drivers for special reasons, such as compatibility, you may want to consider updating them if possible.
Nvidia's vGPUs have eight different security issues that ThreatPost has covered. vGPU drivers only work with some Quadro, Tesla, and A100 GPUs, so most home users will not be affected. If you run them on any system, you will need to obtain software updates through the Nvidia Licensing Portal.
This means downloading the latest drivers from Nvidia as soon as possible.
Comments