Friday, September 24, 2021

Nvidia releases security update for high-severity flaws affecting Windows, Linux devices

Must Read

Helicopter Manufacturer Kopter Hit By Ransomware

Helicopter manufacturer Kopter has fallen Victim to ransomware attack after hackers breached its internal system and encoded the firm's...

Web Page Layout Could Trick Users to Divulging More Information

Computer users may be manipulated into divulging more information than they'd normally simply from the design of pages, new...

Multi-platform card skimmer found on BigCommerce, Shopify stores

While generally designed to target one kind of e-commerce platform, this new kind of net metering malware may assume...

NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU screen drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software.

Released on Thursday, the technology giant said the patches deal with issues which”may lead to denial of support, escalation of privileges, data tampering, or information disclosure.”

The vulnerabilities expose Windows and Linux machines to strikes resulting in a denial of service, escalation of privileges, data tampering, or information disclosure.

In total, Nvidia has resolved 16 vulnerabilities linked to the Nvidia GPU screen driver used to support graphics processing units, too in vGPU applications for virtual workstations, servers, programs, and PCs.

All these security bugs require local user access, meaning potential attackers will first have to gain access to vulnerable devices utilizing an extra attack vector.

High severity vulnerabilities patched

Following successful manipulation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones given by the OS.

They may also be exploited to render machines running vulnerable drivers or software temporarily unusable by triggering denial-of-service countries or to get access to otherwise unobtainable information.

The most severe vulnerability dealt with in Nvidia’s newest security around is CVE‑2021‑1051. Issued a CVSS score of 8.4, the issue affects the kernel mode layer for the Windows GPU display driver. If exploited, this flaw can lead to denial of service or privilege escalation.

NVIDIA has addressed the safety issues in most affected software products and platforms except for these tracked as CVE‑2021‑1052, CVE‑2021‑1053, and CVE‑2021‑1056 impacting the Linux GPU Display Driver for Tesla GPUs that will receive an update driver version starting with January 18, 2021.

CVE‑2021‑1052 is the next highest-severity vulnerability in the driver, but this bug impacts both Windows and Linux. The security flaw, given a seriousness score of 7.8, is also found in the kernel mode layer and enables user-mode customers to access heritage, privileged APIs.

As a result, an exploit leveraging this vulnerability could result in denial of service, privileges escalation, and data leaks.

Nvidia has also resolved CVE‑2021‑1053, a display driver bug for Windows and Linux machines using a CVSS score of 6.6, suggesting this vulnerability is considered a moderate/important issue. Improper validation of an individual pointer targeted at precisely the identical kernel mode layer can lead to denial of service.

Two other issues impact Windows machines specifically, at the same kernel-mode coating, which are tracked as CVE‑2021‑1054 and CVE‑2021‑1055 with severity scores of 6.5 and 5.3, respectively.

These vulnerabilities involve failures to perform authorization checks and improper access controllers and are exploitable to cause a denial of service. CVE‑2021‑1055 may also lead to data leaks.

The last vulnerability impacts Linux PCs only. Tracked as CVE‑2021‑1056 and issued a CVSS score of 5.3, this bug has been due to operating system file system permissions errors, prompting information disclosure and denial of service.

Except for CVE‑2021‑1066, a moderate CVSS 5.5 input validation issue in vGPU manager resulting in resource overload and refusal of service, every vulnerability was issued a severity score of 7.8.

Nvidia has patched eight vGPU manager and plugin vulnerabilities ranging from input data validation errors to race conditions and untrusted source worth. These security flaws could result in information disclosure, ethics and confidentiality reduction, and data tampering.

Two input validation vulnerabilities, CVE‑2021‑1058, and CVE‑2021‑1060 impact the guest kernel-mode driver and vGPU plugin.

To remain protected, Nvidia has recommended that consumers accept automatic security updates, or download them directly.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...

More Articles Like This