Nvidia has patched a number of security vulnerabilities in its GPU Display and CUDA drivers as well as its Virtual GPU Manager software.
While these flaws require local user access, if exploited they could lead to code execution, denial of service, escalation of privileges and information disclosure on systems running Windows and Linux.
In total, Nvidia patched six vulnerabilities in its GPU Display driver and six vulnerabilities in its vGPU software and in its security bulletin, the company lists the bugs with CVSS V3 base scores ranging from 4.4 to 7.8.
Thankfully though, “the NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation”, according to Nvidia’s security bulletin. The company also recommends that users consult an IT or security professional to accurately evaluate the risk of their specific system configuration.
Display driver and vGPU vulnerabilities
Nvidia is encouraging users to update their GeForce, Quadro, NVS and Tesla Windows GPU display drivers as well as their Virtual GPU Manager and guest driver software. To do so, you can apply the security updates available on the company’s Driver Downloads page.
For users that fail to patch these vulnerabilities manually, Nvidia says that they may also receive the Windows GPU display driver version 451.55, 446.06 and 443.18 from their computer hardware vendors, which also includes its latest security updates.
Enterprise users of Nvidia’s vGPU software will need to log in to the Nvidia Enterprise Application Hub to download the updates through the Nvidia Licensing Center.