- Nvidia graphics driver drivers#
- Nvidia graphics driver update#
- Nvidia graphics driver driver#
- Nvidia graphics driver Patch#
Supply-Chain Security: A 10-Point Audit Webinar: Is your company’s software supply-chain prepared for an attack? On Wed., Jan.
Nvidia graphics driver Patch#
Last year, the company issued its fair share of patches including fixes for two high-severity flaws in the Windows version of its GeForce Experience software, and a patch for a critical bug in its high-performance line of DGX servers, both in October and a high-severity flaw in its GeForce NOW application software for Windows in November. The security advisory is Nvidia’s first in 2021. The graphics chip manufacturer has likewise released fixes for specific versions of the vGPU software affected by these flaws on its website.
Nvidia graphics driver driver#
Various Nvidia GeForce Windows and Linux driver branches are affected Nvidia has released a full list of affected versions and updated driver versions on its security advisory. A race condition (CVE‑2021‑1061) in the vGPU plugin of the vGPU manager could essentially trick it into using a previously validated resource that has since changed, which may lead to DoS or information disclosure.Īnd, in another Nvidia vGPU plugin issue (CVE‑2021‑1065), input data is not validated, which may lead to tampering of data or DoS. The vGPU manager also contains a flaw in the vGPU plugin (CVE‑2021‑1059), in which an input index is not validated, which could lead to integer overflow. This issue could allow guests to allocate some resources for which they are not authorized – which according to Nvidia could lead to data integrity and confidentiality loss, DoS and information disclosure. One high-severity flaw in exists in a plugin within the vGPU manager (CVE‑2021‑1057).
Nvidia graphics driver drivers#
Many of the flaws addressed in Nvidia’s Thursday security advisory stem from Nvidia’s vGPU manager, its tool that enables multiple virtual machines to have simultaneous, direct access to a single physical GPU, while also using Nvidia graphics drivers deployed on non-virtualized operating systems. Nvidia’s vGPU creates graphics-forcused virtual desktops and workstations in tandem with the company’s data center Tesla accelerator GPUs. That could allow for DoS or information disclosure.īeyond its graphics drivers, Nvidia warned of flaws tied to nine high-severity CVEs in its virtual GPU (vGPU) software.
Three of these (CVE‑2021‑1053, CVE‑2021‑1054, CVE‑2021‑1055) also stem from the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, while the fourth (CVE‑2021‑1056) exists in a kernel mode layer (nvidia.ko) that does not completely honor operating system file system permissions to provide GPU device-level isolation. Nvidia also stomped out four medium-severity flaws in its graphics driver. According to Nvidia, this “may lead to denial of service, escalation of privileges, and information disclosure.” Kernel mode is generally reserved for the lowest-level, most trusted functions of the operating system in this case, the layer (nvlddmkm.sys) handler for the DxgkDdiEscape interface contains a glitch where an operation is performed that could be abused to launch a denial-of-service (DoS) attack or escalate privileges.Īnother high-severity flaw (CVE‑2021‑1052) in this same kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape could allow user-mode clients to access legacy privileged application programming interfaces (APIs). This flaw ranks 8.4 out of 10 on the CVSS scale, making it high severity. The most severe of these (CVE‑2021‑1051) is an issue in the graphic drivers’ kernel mode layer.
Nvidia graphics driver update#
Nvidia’s Thursday security update addresses flaws tied to 16 CVEs overall. The graphics driver is used in devices targeted to enthusiast gamers it’s the software component that enables the device’s operating system and programs to use its high-level, gaming-optimized graphics hardware. The vulnerabilities allow bad actors to cripple systems with denial of service attacks, escalate privileges, tamper with data or sniff out sensitive data.Īffected is Nvidia’s graphics driver (formally known as the GPU Display Driver) for Windows.
Nvidia, which makes gaming-friendly graphics processing units (GPUs), on Thursday fixed a slew of high-severity flaws affecting its graphics driver.
0 kommentar(er)
