Security News

AMD is investigating an issue in its GPU software suite that causes an auto-adjustment of AMD Ryzen CPU performance settings for users without permission. The chipmaker confirmed the GPU driver bug to Tom's Hardware via a generic statement that didn't give many details, mitigation advice, or estimated fix dates.

US chipmaker giant Nvidia confirmed today it's currently investigating an "Incident" that reportedly took down some of its systems for two days.Systems impacted in what looks like a cyberattack include the company's developer tools and email systems, as first reported by The Telegraph.

A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking. The researchers considered the possibility of creating distinctive fingerprints based on the GPU of the tracked systems with the help of WebGL. WebGL is a cross-platform API for rendering 3D graphics in the browser, and it's present on all modern web browsers.

Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit of a compromised system. In a short post on a hacker forum, someone offered to sell the proof-of-concept for a technique they say keeps malicious code safe from security solutions scanning the system RAM. The seller provided only an overview of their method, saying that it uses the GPU memory buffer to store malicious code and execute code.

The patches cover 13 different CVE numbers, running from CVE-2021-1074 to CVE-2021-1078 for the GPU driver fixes, and from CVE-2021-1080 to CVE-2021-1087 for the vGPU products. The GPU software bug that ended up with the highest "Base score" using the well-known CVSS bug-rating system was CVE-2021-1074, described as a "Vulnerability in the [GPU driver] installer where an attacker with local system access may replace an application resource with malicious files."

Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service and information disclosure. The Nvidia virtual GPU software also has a group of bugs that could lead to a range of similar attacks.

"Even though these new Nvidia drivers will halve the earning rate of the cybercriminals, the crooks aren't paying for the electricity, so any unlawfully mined crypto-coins are still essentially free money for them." "In the early days, it was possible to mine Bitcoin using the average computer CPU or a high-speed video processor card; however, today, mining for Bitcoin requires dedicated Bitcoin mining hardware to make it a profitable endeavor," according to the report.

Sunlight announced NVIDIA GPU support for Sunlight NexVisor, its lightweight hypervisor providing near bare-metal performance with a compact footprint. Organizations can now unlock the full potential of hyperconverged infrastructure at the edge, maximizing the performance of demanding, GPU-accelerated workloads such as artificial intelligence running in edge environments.

NVIDIA has released security updates for the NVIDIA GPU Display Driver and the NVIDIA Virtual GPU Manager that fix a variety of serious vulnerabilities. The driver security update should be implemented by users of the company's desktop, workstation and data center GPUs, while the vGPU software update is available for the Virtual GPU Manager component on Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, and Nutanix AHV enterprise virtualization solutions.

NVIDIA this week released patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including multiple issues that could lead to code execution. The most severe of the bugs affecting the GPU drivers include CVE‑2020‑5962, which was found in the NVIDIA GPU display driver, and CVE‑2020‑5963, which resides in the CUDA driver.