Latest news Software

Urgent security warning: NVIDIA urges GeForce users to update drivers – Eight critical vulnerabilities discovered

NVIDIA has discovered several serious vulnerabilities in its graphics drivers that increase the risk of attacks on systems using GeForce GPUs and professional graphics cards. These vulnerabilities affect not only GeForce and RTX series gaming GPUs, but also workstation and professional models such as Quadro, NVS and Tesla. The affected drivers potentially allow malware to be installed on the devices, personal data to be manipulated or the system to be blocked. According to NVIDIA, the vulnerabilities have values of up to 8.2 on the security rating scale and are classified as “high”. Affected users should therefore update their drivers as quickly as possible to minimize risks.

Details of the security vulnerabilities

The identified vulnerabilities affect both the NVIDIA GPU Display Driver and the NVIDIA VGPU software. These driver components control the display and management of graphical content on Windows and Linux systems. The vulnerabilities may allow an attacker with elevated privileges to execute malicious code or gain access to sensitive data. Possible attack scenarios include code execution, denial of service, escalation of privileges and information theft. The risk is rated between 7.1 and 8.2 on the CVSS scale, underlining the severity of the threat.

Affected driver versions and recommended updates

To minimize the risk, NVIDIA has provided updated driver versions that close the vulnerabilities. The recommended versions vary depending on the operating system and GPU model. Windows users using GeForce, RTX, Quadro or NVS GPUs should update to versions 566.03, 553.24 or 538.95. Versions 553.24 and 538.95 are intended for NVIDIA Tesla GPUs. Linux users should install versions 565.57.01, 550.127.05 or 535.216.01, depending on the GPU model, to ensure that the gaps are closed.

Risk for users without an update

Ignoring these updates could leave systems open to attack. Particularly dangerous is the potential escalation of privileges, which opens up a wide range of manipulation possibilities for attackers. The vulnerabilities in the previous drivers offer attackers the opportunity to gain full access to a system and compromise personal data or influence system behavior. Especially in corporate environments that rely on professional GPUs such as Quadro and Tesla, unclosed security gaps can have serious consequences.

How do users update their drivers?

Users can download the latest drivers manually from the NVIDIA website by selecting their GPU model and operating system. Alternatively, many PC manufacturers offer the latest drivers, which also contain the security updates. Updating your systems regularly reduces the risk of cyberattacks and ensures more stable system performance.

NVIDIA emphasizes the importance of regular driver updates to minimize risks from known security vulnerabilities. These updates are not only relevant for the functionality of the hardware, but also for the security of the overall system. In the past, GPU drivers were often not a focus point for security updates, but the current case shows how important it is to stay up to date here too.

Source: NVIDIA, PC World

Kommentar

Lade neue Kommentare

Alter.Zocker

Veteran

229 Kommentare 164 Likes

Anscheinend sind aber diese Sicherheitslücken schon im letzten Versionsstand vom 22. Oktober gefixt worden, wer also seine Grafiktreiber schon vor ein paar Tagen aktualisiert hat, z.B. um für die aktuellen Game-Releases "gerüstet" zu sein (bei GeForce auf die Version 566.03), ist davon nicht mehr in dem Maße betroffen...

Anbei das Security-Bulletin von nvidia vom 22.Oktober:
https://nvidia.custhelp.com/app/answers/detail/a_id/5586

Antwort 2 Likes

Feen-Schubser

Veteran

136 Kommentare 55 Likes

Da wäre mal spannend ob Cheater dann traurig sind:

CWE Nvidia:

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Nicht das einer Skynet bauen möchte mit den H100.

Antwort Gefällt mir

Klicke zum Ausklappem

Danke für die Spende



Du fandest, der Beitrag war interessant und möchtest uns unterstützen? Klasse!

Hier erfährst Du, wie: Hier spenden.

Hier kannst Du per PayPal spenden.

About the author

Samir Bashir

Werbung

Werbung