Security vulnerabilities were discovered in Nvidia’s graphics drivers, which could launch denial-of-service (DoS), code-execution attacks, and other harmful cyber attacks. The vulnerabilities can compromise Windows or Linux PCs, giving a malicious hacker local network access using cyber-attacks.
Nvidia, as a result, released security patches for those vulnerabilities in its graphics driver. One of the primary affected components was Nvidia’s graphics processing unit (GPU) display driver, which is used in devices for gamers.
The driver helps devices’ OS (Linux or Windows) and programs to use its high-level graphics hardware. Display drivers used in GeForce, Quadro and Tesla-branded GPUs for Windows were also impacted because of the vulnerability.
The most serious flaw was found in the control panel component of the graphics driver, which is a utility software used to monitor and optimise the settings of the graphics adapter by users.
Nvidia Windows GPU Display Driver included a vulnerability in the Control Panel component in which a malicious actor with local system access can corrupt a system file, which may cause a denial of service attack or escalation of privileges, which may be misused.
Nvidia also found vulnerabilities in vGPU manager — a virtualisation tool that helps multiple virtual machines to have simultaneous and direct access to a one physical GPU, and graphics drivers that are working on non-virtualised operating systems.
The List Of Nvidia Vulnerabilities
Here are the vulnerabilities disclosed by Nvidia related to GPU Display Driver, Virtual GPU Manager, and vGPU graphics driver. Overall, the disclosure update included five desktop CVE vulnerabilities, with a CVE‑2020‑5957, which has been rated as critical from a cybersecurity standpoint.
CVE‑2020‑5958: Nvidia Windows GPU Display Driver included a security flaw in the Nvidia Control Panel component in which the hacker with local system access can plant a malicious dynamic link library (DLL) file, which may cause harmful code execution, denial of service, and sensitive data disclosure.
CVE‑2020‑5959: Nvidia Virtual GPU Manager contained a security flaw in the vGPU plugin, in which an input index value is wrongly validated, which causes a denial of service attack.
CVE‑2020‑5960: Nvidia Virtual GPU Manager contained a security flaw in the kernel module (Nvidia.ko), wherein a null pointer can occur, which may cause a denial of service by a malicious actor.
CVE‑2020‑5961: Nvidia vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to a denial of service.
What Did Nvidia Do?
Nvidia took security concerns seriously and worked on to quickly evaluate and address them. The company put out the appropriate resources to analyse, validate and provide corrective actions to resolve the issue.
It has also published a software security update for Nvidia GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, or information disclosure. Because of the proactive nature of vulnerability disclosure, it is expected that no harm will be done given the vulnerabilities are patched immediately by users.
The patched versions of the software are now provided, however excluding a patch for Tesla-branded GPUs for Windows which will have patched fixes in a few days. In order to protect your system, download and install this software update through the Nvidia Driver Downloads page or, for the vGPU software update, via the Nvidia Licensing Portal.
So, how do you determine which Nvidia display driver version is currently installed a Microsoft Windows PC? There are many ways to find out the display driver version which is installed on a given PC. The quickest way is by inspecting the System Information through the Nvidia Control Panel.
Join Our Telegram Group. Be part of an engaging online community. Join Here.
Subscribe to our NewsletterGet the latest updates and relevant offers by sharing your email.
Vishal Chawla is a senior tech journalist at Analytics India Magazine and writes about AI, data analytics, cybersecurity, cloud computing, and blockchain. Vishal also hosts AIM's video podcast called Simulated Reality- featuring tech leaders, AI experts, and innovative startups of India.