For anyone with an Nvidia GPU, the graphics card manufacturer is recommending everyone update their drivers immediately. These bugs are affecting both consumer GPUs and enterprise customers.
The first bug you’ll need to be aware of is CVE-2021-1074. It could allow a malicious attacker to replace the application contents with compromised files. That attacker would need access to your local system first, which would need to be compromised through another attack. This bug could result a nefarious person being able to do a wide range of things on your computer.
The second bug, CVE-2021-1075, details a problem with the kernel mode layer. Interestingly, this isn’t the first time this has been a problem for Nvidia with Google’s Project Zero noting that the DxgkDdiEscape interface was vulnerable to attack. This bug can leak system information, allow attackers to execute code or lock you out of your own computer.
Bugs CVE-2021-1076 and 1077 both have vulnerabilities in the kernel model layer. In bug 1076, attackers can corrupt data, prevent you using your machine and leak information.
These bugs are present, it seems, in most Nvidia drivers, which may present a problem for people with older cards which are no longer updated. In 1077 drivers, both of Nvidia’s R450 and R460 branches are affected and this bug can lead to a denial of service.
The final bug is ranked as the least severe, but CVE-2021-1078 can cause your computer to crash if a vulnerability is attacked in the kernel driver nvlddmkm.sys. This is more of an inconvenience than a severe problem, but still annoying.
Most people will likely have the graphics drivers up-to-date anyway, as the best game performance is usually found in later drivers, especially for new games. However if you’re sticking with an old driver for a specific reason, say compatibility, you might want to consider updating if you can.
Nvidia’s vGPUs has eight different security issues which ThreatPost has covered. Most home users won’t be affected, as vGPU drivers only work with select Quadro, Tesla and A100 GPUs. If you do run these in any system, you’ll need to obtain your software update through the Nvidia Licensing Portal.
So tl;dr: download the latest drivers from Nvidia as soon as possible.