Nvidia has released a slew of updates for its Windows GPU drivers, fixing several high severity vulnerabilities in the process.
Nvidia Releases First Security Patches of 2021
The updates, which went live on 7 January 2021, fix a range of vulnerabilities affecting Nvidia graphics drivers, which in turn communicate with Nvidia's extensive range of graphics processing units (GPUs).
NVIDIA has released a software security update for NVIDIA® GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, data tampering, or information disclosure.
Nvidia's security updates fix 16 CVEs (Common Vulnerabilities and Exposures), ranging from high-severity, the second most critical level, to medium-severity, the third most critical level.
The vulnerabilities affect the Nvidia GPU Display Driver that every Nvidia installs on their system, plus the Nvidia vGPU Software Manager and driver, which is used in virtualized platforms.
The most severe vulnerability (CVE‑2021‑1051) targets the Nvidia GPU Display Driver. A vulnerability in the kernel mode layer could cause a denial of service, causing the GPU to stop working or escalate privileges.
A second vulnerability rated high severity is also found in the kernel mode layer, potentially allowing an attacker access to APIs, which in turn could cause a denial of service, escalation of privileges, and even unauthorized access to private data.
You can examine the full list of Nvidia GPU driver vulnerabilities.
One thing to note is that not all of the vulnerabilities in the above link apply to Windows systems. Of the Nvidia vulnerabilities, the following are Windows-specific:
- CVE‑2021‑1051
- CVE‑2021‑1052
- CVE‑2021‑1053
- CVE‑2021‑1054
- CVE‑2021‑1055
- CVE‑2021‑1058
- CVE‑2021‑1060
CVEs 1051 - 1055 center on the kernel mode layer and all could lead to a denial of service.
Whereas CVE‑2021‑1058 and CVE-2021-1060 relate to the Nvidia vGPU Software. The vulnerabilities, both rated high-severity, also affect the kernel mode layer and could allow an attacker access to private data or a denial of service.
The other Nvidia vulnerabilities affect Linux systems, covering various driver versions.
Update Your Nvidia Drivers
Nvidia has already released updates resolving these vulnerabilities, which you can download and install on your system now. Head to the Nvidia Driver Downloads page and use the dropdown menus to locate your GPU type for your specific operating system.
Alternatively, you'll find the update available to download if you use Nvidia's GeForce Experience software. Just open the GeForce Experience, check for the latest updates, and install once your download completes.