If your computer uses an NVIDIA graphics card, you may want to make sure that you’re using the latest drivers. That is, assuming you don’t want to leave your system exposed to attackers. In a recently released security bulletin, the company has disclosed several vulnerabilities affecting its GeForce RTX lineup.
As detailed in the bulletin, a total of 13 vulnerabilities were identified. Out of these, NVIDIA has classified eight as high severity. For Windows devices, the company lists issues in the kernel-mode driver and driver resource handling. These include improper GPU resource access, a time-of-check/time-of-use issue and a driver-lock leak.
Exploitation of these issues could lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. In short, attackers getting a hold of a compromised system would be able to inject malicious code, as well as steal crucial data, among other things.
According to NVIDIA, all drivers before version 596.36 (or version 482.53 for GTX 10-series and below) are potentially at risk. With all this in mind, the company has issued driver updates to combat these issues. Windows and Linux users can download these updates directly from the NVIDIA Driver Downloads page. For Windows devices, the latest driver version is 596.49, which was released about a week ago. That said, if your machine is running at least version 596.36, then you shouldn’t be affected. Still, it’s a good idea to keep your drivers up-to-date.
It is worth noting that the issues aren’t limited to the GeForce cards. In fact, the problems extend to its Quadro, Tesla, and NVS products as well. Aside from this, the company’s security bulletin detailed vulnerabilities affecting its vGPU software, which handles firmware. These issues could allow malicious actors to cause a “use-after-free for stack memory”. If successful, this may lead to similar data tampering and code execution.
