• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Nvidia Warns Windows Gamers Of High Severity Graphics Driver Flaws

Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws

You are here: Home / Latest Cyber Security Vulnerabilities / Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws

In all, Nvidia patched flaws tied to 16 CVEs throughout its graphics drivers and vGPU software, in its first security update of 2021.

Nvidia, which makes gaming-helpful graphics processing models (GPUs), on Thursday fixed a slew of superior-severity flaws impacting its graphics driver. The vulnerabilities enable terrible actors to cripple systems with denial of services attacks, escalate privileges, tamper with information or sniff out sensitive info.

✔ Approved Seller by TheCyberSecurity.News From Our Partners
Avast Premium Security 2021

Protect yourself against all threads using AVAST Premium Security. AVAST Ultimate Suite protects your Windows, macOS and your Android via Avast Premium.

Get AVAST Premium Security with 60% discount from our partner: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Affected is Nvidia’s graphics driver (formally acknowledged as the GPU Screen Driver) for Windows. The graphics driver is utilised in products targeted to enthusiast avid gamers it is the computer software ingredient that enables the device’s operating method and applications to use its substantial-amount, gaming-optimized graphics hardware.

Nvidia’s Thursday security update addresses flaws tied to 16 CVEs overall. The most extreme of these (CVE‑2021‑1051) is an issue in the graphic drivers’ kernel manner layer. This flaw ranks 8.4 out of 10 on the CVSS scale, making it large severity.

2020 Reader Survey: Share Your Feedback to Help Us Improve

Kernel method is normally reserved for the most affordable-amount, most trustworthy features of the operating process in this scenario, the layer (nvlddmkm.sys) handler for the DxgkDdiEscape interface incorporates a glitch wherever an procedure is performed that could be abused to start a denial-of-services (DoS) attack or escalate privileges.

Another substantial-severity flaw (CVE‑2021‑1052) in this identical kernel manner layer (nvlddmkm.sys) handler for DxgkDdiEscape could make it possible for user-method consumers to entry legacy privileged software programming interfaces (APIs). According to Nvidia, this “may lead to denial of service, escalation of privileges, and info disclosure.”

Nvidia also stomped out four medium-severity flaws in its graphics driver. Three of these (CVE‑2021‑1053, CVE‑2021‑1054, CVE‑2021‑1055) also stem from the kernel manner layer (nvlddmkm.sys) handler for DxgkDdiEscape, whilst the fourth (CVE‑2021‑1056) exists in a kernel manner layer (nvidia.ko) that does not entirely honor operating method file method permissions to provide GPU unit-level isolation. That could permit for DoS or information disclosure.

Beyond its graphics motorists, Nvidia warned of flaws tied to nine superior-severity CVEs in its virtual GPU (vGPU) computer software. Nvidia’s vGPU results in graphics-forcused digital desktops and workstations in tandem with the company’s info centre Tesla accelerator GPUs.

vGPU Software Flaws

Quite a few of the flaws tackled in Nvidia’s Thursday security advisory stem from Nvidia’s vGPU supervisor, its instrument that permits various virtual machines to have simultaneous, direct entry to a one physical GPU, even though also making use of Nvidia graphics drivers deployed on non-virtualized working systems.

One particular large-severity flaw in exists in a plugin in just the vGPU manager (CVE‑2021‑1057). This issue could allow for attendees to allocate some methods for which they are not approved – which according to Nvidia could lead to facts integrity and confidentiality reduction, DoS and details disclosure. The vGPU manager also is made up of a flaw in the vGPU plugin (CVE‑2021‑1059), in which an enter index is not validated, which could lead to integer overflow. A race affliction (CVE‑2021‑1061) in the vGPU plugin of the vGPU supervisor could essentially trick it into using a earlier validated source that has because modified, which may perhaps guide to DoS or info disclosure.

And, in a different Nvidia vGPU plugin issue (CVE‑2021‑1065), input data is not validated, which could direct to tampering of info or DoS.

Numerous Nvidia GeForce Windows and Linux driver branches are affected Nvidia has introduced a complete list of influenced versions and up-to-date driver variations on its security advisory. The graphics chip producer has also unveiled fixes for precise variations of the vGPU application affected by these flaws on its site.

The security advisory is Nvidia’s 1st in 2021. Past 12 months, the enterprise issued its good share of patches such as fixes for two superior-severity flaws in the Windows model of its GeForce Experience software program, and a patch for a critical bug in its higher-general performance line of DGX servers, both in Oct and a superior-severity flaw in its GeForce NOW application software for Windows in November.

Provide-Chain Security: A 10-Issue Audit Webinar: Is your company’s program provide-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start out pinpointing weaknesses in your provide-chain with actionable information from industry experts – part of a constrained-engagement and Stay Threatpost webinar. CISOs, AppDev and SysAdmin are invited to check with a panel of A-list cybersecurity experts how they can stay away from currently being caught exposed in a write-up-SolarWinds-hack earth. Attendance is limited: Register Now and reserve a place for this special Threatpost Supply-Chain Security webinar — Jan. 20, 2 p.m. ET.


Some components of this write-up are sourced from:
threatpost.com

Previous Post: «Cyber Security News Army Reserve Gets First Cyber General
Next Post: Trump Sex Scandal Video Is a RAT Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • Big Tech Bans Social Networking App
  • Lack of Funding Could Lead to “Lost Generation” of Cyber-Startups
  • Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
  • ‘I’ll Teams you’: Employees assume security of links, file sharing via Microsoft comms platform
  • DarkSide decryptor unlocks systems without ransom payment – for now
  • Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group
  • Millions of Social Profiles Leaked by Chinese Data-Scrapers
  • Feds will weigh whether cyber best practices were followed when assessing HIPAA fines
  • SolarWinds Hack Potentially Linked to Turla APT
  • 10 quick tips to identifying phishing emails

Copyright © TheCyberSecurity.News, All Rights Reserved.