Nvidia has just released a new security update to fix six critical flaws detected in the Nvidia GPU display driver on Windows and Linux. The most severe vulnerabilities can, if exploited, allow code execution, file corruption, and denial of service attacks.
After fixing the RTX 3080 MSI card crash issues, Nvidia is releasing a new security update this Friday, January 8, 2021. This patch is intended to correct six critical security vulnerabilities detected in the Nvidia GPU display driver on Windows and linux. Some of these vulnerabilities are serious, and can allow denial of service attacks, elevation of privilege, or corruption of certain data.
All of these vulnerabilities require local access, which means that potential attackers will first have to gain access to the targeted system using another attack vector. In its patch note, Nvidia therefore talks about six vulnerabilities corrected by the driver update. GeForce 461.09 on Windows and 460.32.03 on Linux.
Read also: Nvidia fixes a security flaw in GeForce Experience, update quickly
A high risk of a denial of service attack
The most serious of these concerns a flaw found in the kernel-mode layer manager (nvlddmkm.sys) for DxgkDdiEscape. It is evaluated at 8.4 on the CVSS vulnerability scale (for Common Vulnerability Scoring System), which is none other than the standardized evaluation system for security vulnerabilities. This rating is high because of the significant risk of denial of service attack and / or elevation of privilege upon successful exploitation.
In addition to correcting its various flaws, Nvidia also dwells on some persistent problems in the game and relating to certain graphics cards:
- Fixed a bug causing a blue screen on GeForce GTX 750 Ti
- Fixed a bug causing the screen to flicker on the GeForce GTX 1080 Ti
- Fixed a bug causing system shutdown on GeForce GTX 1080 Ti
- Fixed HDR bug on LG OLED TVs causing incorrect black levels
- Fixed critical infrastructure corruption on Lenovo Y740 laptops
Finally, Nvidia specifies that other vulnerabilities identified in Nvidia’s VGPU software for virtual desktops have also been corrected via this patch. You can find all the fixes in the Nvidia security bulletin of January 2021. To download the latest drivers, simply go to the dedicated page on the official Nvidia site.