Skip to main content
  1. Home
  2. Computing
  3. News

Nvidia warns owners of its GPUs about a dangerous security vulnerability

By

Nvidia is warning GPU owners to update their graphics card drivers after the company discovered several high-level security vulnerabilities. ThreatPost reports that Nvidia found bugs in its virtual GPU software and the display driver that’s required for the graphics card to function.

Nvidia has a table showing the drivers for its different product lines across Windows and Linux, but it doesn’t really matter. It seems GeForce, Quadro, and Tesla drivers are vulnerable across Windows and Linux, so it’s best to update your graphics driver regardless.

In total, the company revealed 13 security vulnerabilities, five through the GPU display driver and eight through the vGPU software. Most sit in between 7 and 8 on CVSS 3.1 (Common Vulnerability Scoring System), which is an open standard for rating security vulnerabilities on a scale of 1 to 10.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!
Privacy Policy

CVE‑2021‑1074 is one of the most pressing issues, with a base CVSS score of 7.5. This vulnerability shows up in the display driver installer, where an attacker with local system access can replace the installation files with malicious ones. On the other end, CVE‑2021‑1078 received a base score of 5.5, which shows a vulnerability in the kernel driver that could lead to a system crash.

Image used with permission by copyright holder

There’s also CVE‑2021‑1085 through the vGPU software (base score of 7.3), which opens the potential to write data to shared memory locations and manipulate it after validation. That could lead to escalation of privileges and denial of service.

If you just have an Nvidia graphics card, you don’t need to worry about the vGPU vulnerabilities. The vGPU software is built for the data center, allowing operators to share graphics card power across several virtual machines. Nvidia recommends updating your graphics card driver through the Nvidia driver download page and the vGPU software through the Nvidia licensing portal (if you have access to it).

geforce rtx 3090
Image used with permission by copyright holder

The vulnerabilities highlight the importance of updating your software and drivers regularly. Earlier this year, Nvidia fixed several vulnerabilities in its display driver, and it continues to push updates whenever vulnerabilities show up. The current batch of problems may lead to malicious code execution (ransomware, etc.), escalation of privileges, data disclosure, data corruption, and/or denial of service, so you should update your GPU driver as soon as possible.

All of the issues come through software, so it doesn’t matter which graphics card you have. Even with a last-gen or older GPU — a likely situation given the ongoing graphics card shortage — you still need to update your driver.

Editors’ Recommendations

Topics
Jacob Roach
Jacob Roach
Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
Nvidia is reportedly ‘worried that it’s missing the boat’
Steam Deck over a pink background.

Nvidia and AMD trade blows when it comes to making some of the best graphics cards, but there's one area where AMD obliterates Nvidia: gaming handhelds. The booming market of portable gaming PCs largely belongs to AMD right now. However, that might soon change, as it seems that Nvidia is gearing up to ensure that its chips power next-gen handhelds -- but there are a few obstacles to consider before such a device can ever be made.

AMD really went all-in on gaming handhelds at just the right time. From the Steam Deck to the Asus ROG Ally, the portable PCs that bridge the gap between a computer and a console are all the rage right now, and they're almost exclusively powered by AMD APUs. There are a couple of Intel Core Ultra-based handhelds on the way, such as the MSI Claw, but so far, AMD dominates. Nvidia is completely absent, and it's safe to say it's missing out on a huge opportunity.

Read more
Nvidia is replacing its crusty, Windows XP-era app with something much better
A screenshot of the Nvidia app.

Nvidia's latest announcement is one that many of us have been waiting for. The company is releasing a new software solution that will, hopefully, one day replace the Nvidia Control Panel and GeForce Experience. Dubbed simply "Nvidia App," the software is now in beta and is available for testing.

Those of us who own some of Nvidia's top GPUs (or even some of the worst ones) are forced to use the Nvidia Control Panel for tuning things like display settings, game performance, and monitor refresh rates. Meanwhile, GeForce Experience optimizes game settings and provides an in-game overlay that can be used for things like recording bits of your gameplay. The lack of a unified app can get confusing and annoying to those who aren't familiar with it.

Read more
Why I’m feeling hopeful about Nvidia’s RTX 50-series GPUs
The RTX 4070 Super on a pink background.

I won't lie -- I was pretty scared of Nvidia's RTX 50-series, and I stand by the opinion that those fears were valid. They didn't come out of thin air; they were fueled by Nvidia's approach to GPU pricing and value for the money.

However, the RTX 40 Super refresh is a step in the right direction, and it's one I never expected to happen. Nvidia's most recent choices show that it may have learned an important lesson, and that's good news for future generations of graphics cards.
The price of performance
Nvidia really didn't hold back in the RTX 40 series. It introduced some of the best graphics cards we've seen in a while, but raw performance isn't the only thing to consider when estimating the value of a GPU. The price is the second major factor and weighing it against performance can often tip the scales from "great" to "disappointing." That was the case with several GPUs in the Ada generation.

Read more