Nvidia has released a round of security fixes to address serious vulnerabilities in the Nvidia GPU display driver and vGPU software.
The company said the patches were dealing with issues that "could lead to denial of service, escalation of privileges, data breach or disclosure of information".
In total, Nvidia has fixed 16 vulnerabilities associated with the Nvidia GPU display driver used to support graphics processors, as well as vGPU software for virtual workstations, servers, applications, and computers.
The most serious vulnerability encountered in the latter is CVE ‑ 2021‑1051. With a CVSS rating of 8,4, the problem affects the kernel mode layer for the Windows GPU display driver. If utilized, this defect may result in denial of service or escalation of privileges.
CVE ‑ 2021‑1052 is the second most serious vulnerability in the driver, but this error affects the functional Windows and Linux. The security flaw, with a severity rating of 7.8, was also detected in the kernel mode layer and allows "user-mode clients" to access "privileged APIs". As a result, one exploit exploiting this vulnerability could lead to denial of service, escalation of privileges and information leaks.
With the exception of CVE ‑ 2021‑1066, a moderate severity entry validation issue (CVSS 5.5) in vGPU manager leading to resource overload and denial of service, each vulnerability has a severity score of 7,8.
Nvidia has fixed eight vGPU and plugin manager vulnerabilities, ranging from validation errors data input to unreliable source values. These security vulnerabilities could lead in revelation completeφlimits and data breach.
To stay protected, Nvidia has advised users to receive automatic security updates or to download them directly from this official page here.
Source of information: zdnet.com