You can sign up to get a daily email of our articles, see the Mailing List page!

Here we are again. NVIDIA has today sent out a security bulletin to inform users on Linux and Windows to ensure your GPU drivers are up to date due to freshly revealed security problems.

The issues can result in information disclosure, data tampering, and denial of service. As always, even if you think you're not vulnerable for whatever reason, upgrading is highly recommended now.

Here's those that are specific to Linux:

CVE ID Description Base Score Vector
CVE‑2021‑1090 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service. 7.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE‑2021‑1093 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. 6.2 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE‑2021‑1094 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.  6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE‑2021‑1095 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service. 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Those are what's relevent to us normal desktop users. However there's also issues identified in their NVIDIA vGPU Software too.

How to know if you're okay? NVIDIA also detailed what driver versions are good:

Software Product Operating System Driver Branch Affected Driver Versions Updated Driver Version
GeForce Linux R470 All versions 470.57.02
R460 All versions prior to 460.91.03 460.91.03
NVIDIA RTX/Quadro, NVS Linux R470 All versions 470.57.02
R460 All versions prior to 460.91.03 460.91.03
R390 All versions prior to 390.144 390.144

In other words, grabbing the very latest driver (NVIDIA 470.57.02 from July 20) is likely your best choice and with all the new features too, it's a good one to try out regardless.

Article taken from GamingOnLinux.com.
7 Likes , Who?
We do often include affiliate links to earn us some pennies. We are currently affiliated with GOG and Humble Store. See more here.
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
6 comments

CatKiller 2 days ago
Ah, that's why the main Ubuntu repositories got updated versions of the Nvidia driver with uncharacteristic swiftness today.
slaapliedje 2 days ago
View PC info
  • Supporter Plus
Quoting: CatKillerAh, that's why the main Ubuntu repositories got updated versions of the Nvidia driver with uncharacteristic swiftness today.
Debian is in freeze, but should allow this as an exception. Hopefully they end up with the 470 release in bullseye.
scaine 2 days ago
View PC info
  • Contributing Editor
  • Mega Supporter
These are all local vulnerabilities - can't be exploited remotely. I, uh, can't really get very excited by such things unless they're feasibly chained with a remote exploit.
morbius 2 days ago
Updated to 470.57.02, seems to be working. It was a solid excuse for me to migrate on a new stable driver branch.
Quoting: scaineThese are all local vulnerabilities - can't be exploited remotely. I, uh, can't really get very excited by such things unless they're feasibly chained with a remote exploit.
You say that now, but wait till your 10 year old daughter hacks your computer and says your data doesn't get unransomed until she gets all the cookies.
Valso about 5 hours ago
470.57.02 may fix some issues and bring DLSS but first it has bugs (my video card stays 15 degrees higher than usual in idle mode than it does with 465.31) and secondly, three digits for the version means it's a beta driver. No beta driver supports Nvidia Encoding also known as H265 NVENC which I use very often with Handbrake. There's an easy way to spot nvidia's fallacy regarding that driver - run handbrake and make it convert a large video file (for instance H264) with H265 NVENC. If the CPU goes to 100% whereas the video card keeps its normal idle temperature, that means the driver in question doesn't support NVENC. NVENC means that conversion is processed by both CPU and GPU, but mostly by the GPU.
To me the unavailability of NVENC is a deal breaker.
While you're here, please consider supporting GamingOnLinux on:

Patreon, Liberapay or PayPal Donation.

This ensures all of our main content remains totally free for everyone with no article paywalls. We also don't have tons of adverts, there's also no tracking and we respect your privacy. Just good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register

Or login with...
Sign in with Steam Sign in with Twitter Sign in with Google
Social logins require cookies to stay logged in.

Livestreams & Videos
Community Livestreams
Latest Forum Posts