Security News

A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks. The vulnerability impacts Arm Mali GPU kernel drivers Valhall r29p0 to r38p0.

NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities in its GPU drivers. The security update fixes vulnerabilities that can lead to denial of service, information disclosure, elevation of privileges, code execution, etc.

NVIDIA has published the source code of its Linux kernel modules for the R515 driver, allowing developers to provide greater integration, stability, and security for Linux distributions. The products supported by these drivers include all models built on the Turing and Ampere architecture, released after 2018, including the GeForce 30 and GeForce 20 series, the GTX 1650 and 1660, and data center-grade A series, Tesla, and Quadro RTX. According to the GPU maker, this is a step toward improving its products' experience on the Linux platform, simplifying the integration process in Linux distributions, debugging, and boosting contribution activity.

AMD is investigating an issue in its GPU software suite that causes an auto-adjustment of AMD Ryzen CPU performance settings for users without permission. The chipmaker confirmed the GPU driver bug to Tom's Hardware via a generic statement that didn't give many details, mitigation advice, or estimated fix dates.

US chipmaker giant Nvidia confirmed today it's currently investigating an "Incident" that reportedly took down some of its systems for two days.Systems impacted in what looks like a cyberattack include the company's developer tools and email systems, as first reported by The Telegraph.

A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking. The researchers considered the possibility of creating distinctive fingerprints based on the GPU of the tracked systems with the help of WebGL. WebGL is a cross-platform API for rendering 3D graphics in the browser, and it's present on all modern web browsers.

Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit of a compromised system. In a short post on a hacker forum, someone offered to sell the proof-of-concept for a technique they say keeps malicious code safe from security solutions scanning the system RAM. The seller provided only an overview of their method, saying that it uses the GPU memory buffer to store malicious code and execute code.

The patches cover 13 different CVE numbers, running from CVE-2021-1074 to CVE-2021-1078 for the GPU driver fixes, and from CVE-2021-1080 to CVE-2021-1087 for the vGPU products. The GPU software bug that ended up with the highest "Base score" using the well-known CVSS bug-rating system was CVE-2021-1074, described as a "Vulnerability in the [GPU driver] installer where an attacker with local system access may replace an application resource with malicious files."

Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service and information disclosure. The Nvidia virtual GPU software also has a group of bugs that could lead to a range of similar attacks.

"Even though these new Nvidia drivers will halve the earning rate of the cybercriminals, the crooks aren't paying for the electricity, so any unlawfully mined crypto-coins are still essentially free money for them." "In the early days, it was possible to mine Bitcoin using the average computer CPU or a high-speed video processor card; however, today, mining for Bitcoin requires dedicated Bitcoin mining hardware to make it a profitable endeavor," according to the report.