Nvidia Patches Eight Security Vulnerabilities Across Most Product Lines

(Image credit: Hairem/Shutterstock)

Most graphics drivers are exciting because they add support for new hardware, include optimizations for the latest games, or fix issues found in their predecessors. A batch of new drivers from Nvidia offers a different incentive: protection against eight vulnerabilities that could be used to conduct various attacks.

Nvidia offered details about the vulnerabilities in a security bulletin this week. They vulnerabilities vary in scope. They can enable code execution, privilege escalation and denial of service (DoS) attacks and can be found in drivers for Windows, Linux, FreeBSD and Solaris operating systems. GeForce, Quadro, NVS and Tesla products are vulnerable.

One vulnerability, CVE-2018-6260, enables side-channel attacks similar in concept to the likes of Spectre and Meltdown, Intel CPU security flaws discovered in 2018. That vulnerability requires additional steps (which Nvidia didn't outline) to address even after the new drivers are installed. But because it can't be remotely exploited, it's not deemed critical.

Here's how to find the extra steps needed to address CVE-2018-6260, according to Nvidia:

  • Windows: Go to the Developer->Manage GPU Performance Counters menu of the NVIDIA Control Panel Help to see additional steps required. Enterprise customers should refer to the instructions in the Product Release Notes.
  • Linux: Refer to the Restricting Access to GPU Performance Counters section of the Linux driver Readme.

All of the vulnerabilities received CVSS V3 "base scores" to rank their severity. CVE-2018-6260 has a base score of 2.2, one scored 6.5, another 7.8 and four others had an 8.8 base score (lower is better). Nvidia said there aren't any mitigations for these flaws; defending against them requires the new drivers.

It's important to install these releases, then, even without all the flashy additions that usually inspire people to update their graphics setups. The new drivers that defend against these vulnerabilities are available now from Nvidia's website.

Want to comment on this story? Let us know what you think in the Tom's Hardware Forums.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

Latest in Security Software
Virtual Private Network
Florida experiences a huge 1,150% surge in VPN use as Pornhub blocks access in response to age-verification law
BadRAM exploit
BadRAM attack breaches AMD secure VMs using a Raspberry Pi Pico, DDR socket, and a 9V battery
Microsoft Defender Mobile VPN UI
Microsoft Defender can now detect insecure Wi-Fi hotspots and enable a VPN — you need to pay for Microsoft 365 and live in a supported region
Kaspersky HQ
U.S. customers wake up to find Kaspersky antivirus sneakily replaced with UltraAV — switchover caught many users by surprise
China's Unisoc launches 'world's first' open architecture RISC-V security chip
Dominic White
CrowdStrike President graciously accepts Pwnie Epic Fail award at DEF CON hacking conference
Latest in News
Qualcomm
Qualcomm launches global antitrust campaign against Arm — accuses Arm of restricting access to technology
Nvidia Ada Lovelace and GeForce RTX 40-Series
Analyst claims Nvidia's gaming GPUs could use Intel Foundry's 18A node in the future
RX 9070 XT Sapphire
Lisa Su says Radeon RX 9070-series GPU sales are 10X higher than its predecessors — for the first week of availability
RTX 5070, RX 9070 XT, Arc B580
Real-world GPU prices cost up to twice the MSRP — a look at current FPS per dollar values
Zotac Gaming GeForce RTX 5090 AMP Extreme Infinity
Zotac raises RTX 5090 prices by 20% and seemingly eliminates MSRP models
ASRock fixes AM5 motherboard by cleaning it
ASRock claims to fix 'burned out' AM5 motherboard by cleaning the socket