
Update your NVIDIA drivers due to multiple security issues found


Here's something we missed with the latest NVIDIA driver updates - turns out that NVIDIA had multiple security issues that they put out in a recent security bulletin. Multiple issues affect both Windows and Linux, across multiple versions of the official NVIDIA proprietary driver.

The ones that affect the Linux desktop are:

  • CVE-2021-1052: "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure."
  • CVE-2021-1053: "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service."
  • CVE-2021-1056: "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure."

There are also some vGPU security issues, which also affect Linux, but they're not regular desktop stuff.

If you want to make sure you're totally safe, you should update to the latest driver in the series you're using. Going by the information on the NVIDIA security page, you should be good on 460.32.03 (or better), which is the latest "Production Branch" driver, 450.102.04, and 390.141, the latest Legacy driver.
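
The version check described above, as an added example (not from the original article or from NVIDIA): a POSIX shell script that reads the nvidia kernel module version and compares it with the fixed release for its branch. The function names and sample versions are constructed here, branches the article does not list are reported as unknown, and GNU `sort -V` is assumed.

```shell
#!/bin/sh
# Added example: compare an NVIDIA driver version with the fixed release
# for its branch. Version numbers come from the article; names are made up here.

# Print the minimum fixed version for the branch of $1, or fail if the
# article does not list that branch.
min_fixed_version() {
    major=${1%%.*}
    case "$major" in
        390) echo 390.141 ;;
        450) echo 450.102.04 ;;
        *)  # "460.32.03 or better": applies to the 460 branch and newer
            if [ "$major" -ge 460 ] 2>/dev/null; then
                echo 460.32.03
            else
                return 1
            fi ;;
    esac
}

# True if dotted version $1 >= $2 (relies on GNU coreutils `sort -V`).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print "patched", "outdated" or "unknown" for driver version $1.
nvidia_status() {
    min=$(min_fixed_version "$1") || { echo unknown; return 0; }
    if version_ge "$1" "$min"; then echo patched; else echo outdated; fi
}

# Version of the loaded (or installed) nvidia kernel module, if any.
installed_nvidia_version() {
    if [ -r /sys/module/nvidia/version ]; then
        cat /sys/module/nvidia/version
    else
        modinfo -F version nvidia 2>/dev/null
    fi
}

if ver=$(installed_nvidia_version) && [ -n "$ver" ]; then
    echo "installed driver $ver: $(nvidia_status "$ver")"
else
    echo "no nvidia kernel module found on this machine"
fi
# Constructed sample versions, to show each outcome offline.
for v in 460.27.04 460.32.03 450.80.02 390.141 455.45.01; do
    echo "sample $v: $(nvidia_status "$v")"
done
```

An "unknown" result means the branch is not one of the three the article names, so the NVIDIA security bulletin has to be checked directly.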

You can look out for future security info here from NVIDIA.

Article taken from GamingOnLinux.com.
About the author -
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
24 comments

slaapliedje 12 Jan
Quoting: Philadelphus
So, obviously security vulnerabilities are bad and I'm going to update ASAP, but just how bad are these, really? Do I have to worry about some carefully crafted bad GIF on a shady website making my GPU run arbitrary code as root, or what?
I learned recently of a new fetish about people who get aroused by rescuing people from quicksand. They are apparently called Sinkers... so your computer will get filled with sinker porn!
aokami 12 Jan
Quoting: Philadelphus
So, obviously security vulnerabilities are bad and I'm going to update ASAP, but just how bad are these, really? Do I have to worry about some carefully crafted bad GIF on a shady website making my GPU run arbitrary code as root, or what?

Nah, the rendering is done by the browser and through the compositor. You'd likely have to run a rogue application or a very badly designed rendering application that'd run arbitrary code. I'll try to go get some more information.

Fun fact: simple stuff taken for granted like jpg libraries had countless vulns and exploits in older versions, and carefully crafted image files could have been detrimental.
https://security.stackexchange.com/questions/97856/can-simply-decompressing-a-jpeg-image-trigger-an-exploit
Not to even mention ImageTragick.
Quoting: aokami
Nah, the rendering is done by the browser and through the compositor. You'd likely have to run a rogue application or a very badly designed rendering application that'd run arbitrary code. I'll try to go get some more information.

Fun fact: simple stuff taken for granted like jpg libraries had countless vulns and exploits in older versions, and carefully crafted image files could have been detrimental.
https://security.stackexchange.com/questions/97856/can-simply-decompressing-a-jpeg-image-trigger-an-exploit
Not to even mention ImageTragick.
Interesting, thanks. While my question was a bit hyperbolic, I'm glad to learn about things like this.
slaapliedje 13 Jan
Quoting: Philadelphus
Quoting: aokami
Nah, the rendering is done by the browser and through the compositor. You'd likely have to run a rogue application or a very badly designed rendering application that'd run arbitrary code. I'll try to go get some more information.

Fun fact: simple stuff taken for granted like jpg libraries had countless vulns and exploits in older versions, and carefully crafted image files could have been detrimental.
https://security.stackexchange.com/questions/97856/can-simply-decompressing-a-jpeg-image-trigger-an-exploit
Not to even mention ImageTragick.
Interesting, thanks. While my question was a bit hyperbolic, I'm glad to learn about things like this.
I remember first reading about that and couldn't help but wonder how one would not notice a corrupted image with a payload, but when looking into it, sure enough it was possible simply because of the way jpg worked. Crazy.