Multiple NVIDIA graphic card models have been found to have flaws in their GPU drivers, with six medium-and four high-severity ratings.
Last Monday, the company released a software security update for NVIDIA GPU Display Driver to address the vulnerabilities. If exploited, they could lead to denial of service, code execution, privilege escalation, and data tampering.
NVIDIA GeForce software, Studio, RTX/Quadro, NVS, and Tesla running Windows and Linux are all affected by this update, covering driver branches R450, R470, and R510. Here are the lists for Windows and Unix/Linux for reference for driver branch histories.
The latest release also covers updates for already unsupported GTX 600 and GTX Kepler-series cards. This is NVIDIA honoring its promise of continuing to provide support for these cards until September 2024βthree years after the October 2021 end-of-support date.
Let's look at each of the vulnerabilities up-close.
[DCL_INDEXABLE](<https://talosintelligence.com/vulnerability_reports/TALOS-2021-1435>)
functionality could lead to memory corruption, code execution, data tampering, denial of service, privilege escalation, and information disclosure. Virtual machines and (theoretically) web browsers can trigger this vulnerability. This is exploitable over the network.[DCL_INDEXRANGE](<https://talosintelligence.com/vulnerability_reports/TALOS-2021-1436>)
, [DCL_RESOURCE_STRUCTURED](<https://talosintelligence.com/vulnerability_reports/TALOS-2021-1438>)
, and [DCL_UNORDERED_ACCESS_VIEW_STRUCTURED](<https://talosintelligence.com/vulnerability_reports/TALOS-2021-1437>)
functionalities could lead to memory corruption, data tampering, denial of service, information disclosure, and privilege escalation. Virtual machines and (theoretically) web browsers can trigger this vulnerability. This is exploitable over the network.nvlddmkm.sys
) could lead to data tampering and denial of service.nvlddmkm.sys
) could lead to denial of service.nvlddmkm.sys
) handler for DxgkDdiEscape where input is not correctly validated for being able to process data safely, which could lead to denial of service.nvlddmkm.sys
) handler for DxgkDdiEscape
could lead to a system crash.nvlddmkm.sys
) handler for DxgkDdiEscape
where improper input validation could lead to denial of service.NVIDIA users are advised to download and apply the patches ASAP. The updates can also be applied via NVIDIA's GeForce Experience suite.
The post Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers appeared first on Malwarebytes Labs.