Security News > 2021 > April > Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software
Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service and information disclosure.
The Nvidia virtual GPU software also has a group of bugs that could lead to a range of similar attacks.
The most severe of the five bugs in the GPU display driver is tracked as CVE-2021-1074, which rates 7.5 out of 10 on the CVSS vulnerability scale, making it high-severity.
The latter NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
Finally, the medium-severity CVE-2021-1078 rates 5.5 on the CVSS scale and NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver where a NULL pointer dereference may lead to system crash.
Nvidia has released patches to mitigate all of the bugs, which uses can download at through the Nvidia Driver Downloads page or, for the vGPU software update, through the Nvidia Licensing Portal.
News URL
https://threatpost.com/nvidia-security-bugs-gpu-vgpu/165597/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-21 | CVE-2021-1074 | Unspecified vulnerability in Nvidia GPU Display Driver NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. | 7.3 |
| 2021-04-21 | CVE-2021-1078 | NULL Pointer Dereference vulnerability in Nvidia GPU Display Driver NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash. | 5.5 |