Security News > 2020 > October > Use an NVIDIA GPU? Check whether you need security updates
NVIDIA has released security updates for the NVIDIA GPU Display Driver and the NVIDIA Virtual GPU Manager that fix a variety of serious vulnerabilities.
The driver security update should be implemented by users of the company's desktop, workstation and data center GPUs, while the vGPU software update is available for the Virtual GPU Manager component on Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, and Nutanix AHV enterprise virtualization solutions.
The vulnerability allows for DLL hijacking, i.e., exploitation of execution flow of an application via external DLLs. "If a vulnerable application is configured to run at a higher privilege level, then the malicious DLL that is loaded will also be executed at a higher level, thus achieving escalation of privilege. Often the application will behave no differently because malicious DLLs may also be configured to load the legitimate DLLs they were meant to replace or where a DLL doesn't exist," Gill explained.
Users are advised to check which NVIDIA display driver version is currently installed on their system(s) and update it if necessary.
Users are advised to upgrade to vGPU Software versions 11.1, 10.4, or 8.5 - updates are available through the NVIDIA Licensing Portal.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/EC8v7vUwx0Q/