Nvidia Fixes 12 High and Medium Severity Security Bugs

This week, Nvidia released security patches for 12 high- and medium-severity vulnerabilities in its GPU display driver and the GeForce Experience (GFE) utility.

None of the bugs can be exploited remotely, which should come as a relief to Nvidia GPU owners. However, the flaws could still allow code execution, information disclosure, escalation of privilege and denial of service when exploited locally. Without these patches, an attacker could use the flaws to infect a user's system via tactics such as convincing the user to click on infected files sent via email or downloaded from hacked websites or ad networks.

The CVSS V3 scores of the bugs range from 5.1 to 7.8. Four of those 12 bugs are labeled high severity, while the other eight are labeled medium severity. The high-severity bugs are vulnerabilities in the driver's kernel-mode layer that can lead to escalation of privilege or denial of service.

Referring to the bugs' CVSS V3 scores, Nvidia largely downplayed the security vulnerabilities, saying that the "risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation."

The company then recommended that users consult a security professional to evaluate the risk to their own computers and update their GeForce, Quadro, NVS and Tesla Windows GPU display drivers to the latest versions found on the company's Driver Downloads page. However, some of the affected driver versions will be patched on November 18, according to Nvidia.

Nvidia also encouraged GFE users to update to the latest version either by downloading the new version manually or by using the utility’s automated update system.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.