Security News > 2021 > April > Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software

Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service and information disclosure.

The Nvidia virtual GPU software also has a group of bugs that could lead to a range of similar attacks.

The most severe of the five bugs in the GPU display driver is tracked as CVE-2021-1074, which rates 7.5 out of 10 on the CVSS vulnerability scale, making it high-severity.

The latter NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.

Finally, the medium-severity CVE-2021-1078 rates 5.5 on the CVSS scale and NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver where a NULL pointer dereference may lead to system crash.

Nvidia has released patches to mitigate all of the bugs, which uses can download at through the Nvidia Driver Downloads page or, for the vGPU software update, through the Nvidia Licensing Portal.

News URL

https://threatpost.com/nvidia-security-bugs-gpu-vgpu/165597/