Saturday, June 12, 2021

Nvidia releases security update for high-severity flaws affecting Windows, Linux devices

Must Read

Backdoor accounts found in More than 100,000 Zyxel firewalls, VPN gateways

Dutch cybersecurity researchers have discovered a backdoor account in 100,000 networking devices manufactured by Zyxel, which may grant hackers...

Web Hosting Security Threats to Check Out

Threats to web hosting are becoming more commonplace in the last few decades. Throughout this past year, an internet...

40% of Remote Workers are Vulnerable to Cyber-Attacks

Two in five Remote Worker in the united kingdom are vulnerable to cyber-attacks since they haven't obtained advice about...

NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU screen drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software.

Released on Thursday, the technology giant said the patches deal with issues which”may lead to denial of support, escalation of privileges, data tampering, or information disclosure.”

The vulnerabilities expose Windows and Linux machines to strikes resulting in a denial of service, escalation of privileges, data tampering, or information disclosure.

In total, Nvidia has resolved 16 vulnerabilities linked to the Nvidia GPU screen driver used to support graphics processing units, too in vGPU applications for virtual workstations, servers, programs, and PCs.

All these security bugs require local user access, meaning potential attackers will first have to gain access to vulnerable devices utilizing an extra attack vector.

High severity vulnerabilities patched

Following successful manipulation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones given by the OS.

They may also be exploited to render machines running vulnerable drivers or software temporarily unusable by triggering denial-of-service countries or to get access to otherwise unobtainable information.

The most severe vulnerability dealt with in Nvidia’s newest security around is CVE‑2021‑1051. Issued a CVSS score of 8.4, the issue affects the kernel mode layer for the Windows GPU display driver. If exploited, this flaw can lead to denial of service or privilege escalation.

NVIDIA has addressed the safety issues in most affected software products and platforms except for these tracked as CVE‑2021‑1052, CVE‑2021‑1053, and CVE‑2021‑1056 impacting the Linux GPU Display Driver for Tesla GPUs that will receive an update driver version starting with January 18, 2021.

CVE‑2021‑1052 is the next highest-severity vulnerability in the driver, but this bug impacts both Windows and Linux. The security flaw, given a seriousness score of 7.8, is also found in the kernel mode layer and enables user-mode customers to access heritage, privileged APIs.

As a result, an exploit leveraging this vulnerability could result in denial of service, privileges escalation, and data leaks.

Nvidia has also resolved CVE‑2021‑1053, a display driver bug for Windows and Linux machines using a CVSS score of 6.6, suggesting this vulnerability is considered a moderate/important issue. Improper validation of an individual pointer targeted at precisely the identical kernel mode layer can lead to denial of service.

Two other issues impact Windows machines specifically, at the same kernel-mode coating, which are tracked as CVE‑2021‑1054 and CVE‑2021‑1055 with severity scores of 6.5 and 5.3, respectively.

These vulnerabilities involve failures to perform authorization checks and improper access controllers and are exploitable to cause a denial of service. CVE‑2021‑1055 may also lead to data leaks.

The last vulnerability impacts Linux PCs only. Tracked as CVE‑2021‑1056 and issued a CVSS score of 5.3, this bug has been due to operating system file system permissions errors, prompting information disclosure and denial of service.

Except for CVE‑2021‑1066, a moderate CVSS 5.5 input validation issue in vGPU manager resulting in resource overload and refusal of service, every vulnerability was issued a severity score of 7.8.

Nvidia has patched eight vGPU manager and plugin vulnerabilities ranging from input data validation errors to race conditions and untrusted source worth. These security flaws could result in information disclosure, ethics and confidentiality reduction, and data tampering.

Two input validation vulnerabilities, CVE‑2021‑1058, and CVE‑2021‑1060 impact the guest kernel-mode driver and vGPU plugin.

To remain protected, Nvidia has recommended that consumers accept automatic security updates, or download them directly.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

An error of coding results attacker will delete a live video of Facebook

Facebook has solved the problem of Programming errors on live video services that allow attackers to successfully remove video...

What is a Cyber Attack or Virtual Attack

Firstly We Wil Discuss About Cyberattack or we will also say virtual attack. A Cyberattack is a type of attack that will be done...

Firefox 88 start disabling FTP with removal set for Firefox 90

Firefox 88 update has disabled File Transfer Protocol (FTP) support completely from the browser. The handling of clicking on FTP links from within Firefox...

Google Project Zero giving The 30-day grace period for user patch adoption

Google Project Zero will be shifting from a fairly hard 90-day deadline to a new model that incorporates a new 30-day grace period to...

Parking app ParkMobile experiences data breach of 21M Users

The popular mobile app that drivers use to pay and find available public parking in Pittsburgh and in other cities experienced a data breach...

More Articles Like This