Security News > 2021 > April > Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software

Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software
2021-04-26 18:12

Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service and information disclosure.

The Nvidia virtual GPU software also has a group of bugs that could lead to a range of similar attacks.

The most severe of the five bugs in the GPU display driver is tracked as CVE-2021-1074, which rates 7.5 out of 10 on the CVSS vulnerability scale, making it high-severity.

The latter NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.

Finally, the medium-severity CVE-2021-1078 rates 5.5 on the CVSS scale and NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver where a NULL pointer dereference may lead to system crash.

Nvidia has released patches to mitigate all of the bugs, which uses can download at through the Nvidia Driver Downloads page or, for the vGPU software update, through the Nvidia Licensing Portal.


News URL

https://threatpost.com/nvidia-security-bugs-gpu-vgpu/165597/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-04-21 CVE-2021-1074 Unspecified vulnerability in Nvidia GPU Display Driver
NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files.
local
low complexity
nvidia
7.3
2021-04-21 CVE-2021-1078 NULL Pointer Dereference vulnerability in Nvidia GPU Display Driver
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.
local
low complexity
nvidia CWE-476
5.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nvidia 239 12 178 319 15 524