Nvidia Fixes Two Severe Vulnerabilities in the GeForce Experience Tool
Last updated September 23, 2021
Last updated September 23, 2021
NVIDIA Fixes a Multitude of Bugs in Latest Driver Update
Last updated September 23, 2021
- NVIDIA card owners should get updating right away, as the vendor has pushed a hefty security fixing pack.
- Linux and Windows drivers were found to be vulnerable to six vulnerabilities of mid to high criticality.
- The Virtual GPU management software also carried 10 important flaws addressed with version 11.3.
If you haven’t updated your NVIDIA driver yet, you’d better do it now as the GPU company has fixed quite a few denials of service, escalation of privileges, data tampering, and information disclosure bugs this time. Apart from the display driver fixes, which concern flaws affecting both Windows and Linux versions, there are another ten squashes of bugs in the NVIDIA Virtual GPU management software.
While all of the now-fixed bugs require local user access to work, they are still dangerous to leave unpatched.
GPU Display Driver
- CVE-2021-1051: Escalation of privilege flaw in the kernel mode layer handler for DxgkDdiEscape. (Windows only). CVSS v3.1 score – 8.4
- CVE-2021-1052: Information disclosure vulnerability in the kernel mode layer handler for DxgkDdiEscape or IOCTL. (Windows and Linux). CVSS v3.1 score – 7.8
- CVE-2021-1053: Denial of service flaw in the kernel mode layer handler for DxgkDdiEscape. (Windows and Linux). CVSS v3.1 score – 6.6
- CVE-2021-1054: Denial of service bug in the kernel mode layer handler for DxgkDdiEscape. (Windows only). CVSS v3.1 score – 6.5
- CVE-2021-1055: Information disclosure flaw in the kernel mode layer handler for DxgkDdiEscape. (Windows Only). CVSS v3.1 score – 5.3
- CVE-2021-1056: Information disclosure vulnerability in the kernel mode layer. (Linux only). CVSS v3.1 score – 5.3
Virtual GPU Software
- CVE-2021-1057: Information disclosure bug in vGPU plugin. CVSS v3.1 score – 7.8
- CVE-2021-1058: Information disclosure bug in guest kernel mode and vGPU plugin. CVSS v3.1 score – 7.8
- CVE-2021-1059: Information disclosure bug in vGPU plugin. CVSS v3.1 score – 7.8
- CVE-2021-1060: Information disclosure bug in guest kernel mode and vGPU plugin. CVSS v3.1 score – 7.8
- CVE-2021-1061: Information disclosure bug in vGPU plugin. CVSS v3.1 score – 7.8
- CVE-2021-1062: Information disclosure bug in vGPU plugin. CVSS v3.1 score – 7.8
- CVE-2021-1063: Information disclosure bug in vGPU plugin. CVSS v3.1 score – 7.8
- CVE-2021-1064: Information disclosure bug in vGPU plugin. CVSS v3.1 score – 7.8
- CVE-2021-1065: Information disclosure bug in vGPU plugin. CVSS v3.1 score – 7.8
- CVE-2021-1066: Information disclosure bug in vGPU plugin. CVSS v3.1 score – 7.8
To address all of the above, you may download the latest available driver for your graphics card on this page. Alternatively, if you’re using the ‘GeForce Experience’ tool, you may fetch the update from there. The only category of users who will have to wait until January 18, 2021, to get a driver version that fixes the aforementioned vulnerabilities is Linux users who own a “Tesla” card (GeForce 8 series).
