Nvidia reports some worrisome security vulnerabilities in its graphics card drivers and recommends updating them as soon as possible. As many as five security bugs have been discovered in the drivers, all of which score high on the CVSS vulnerability scale.
The most dangerous on the list appears to be CVE-2021-1074, which scores 7.5 out of 10 on the CVSS scale. This bug was found in the Nvidia driver installer and could allow an attacker with physical access to swap an application source with malicious files. This can lead to malicious code execution, a denial of service attack or the stealing of personal information.
CVE-2021-1075 is another very serious bug (rated 7.3 on the CVSS scale) and is located in the nvlddmkm.sys handler for DxgkDdiEscape. The program defers a pointer that contains a memory location that is no longer valid, which could lead to code execution, denial of service, or privilege escalation.
CVE-2021-1076 is a medium-severity bug found in the Nvidia GPU Display Driver for Windows and Linux’s kernel mode layer, where malicious users can exploit improper access controls to launch denial of service, information theft or data corruption attacks.
CVE-2021-1077 is a medium risk in the Windows and Linux drivers, where the driver uses a reference count to control a resource that is incorrectly updated, which can lead to service disqualification.
In addition, CVE-2021-1078 also found another bug of medium severity. It has been discovered in all versions of the Windows Nvidia driver and affects the kernel. NULL pointer deference could then cause your PC to crash.
And because bad news rarely comes alone, Nvidia has also disclosed eight more software vulnerabilities in its vGPU software. These affect workstations and AI workloads and are all medium to high severity.