Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software


The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks.

Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit (GPU) display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service (DoS) and information disclosure.

Meanwhile, the Nvidia virtual GPU (vGPU) software also has a group of bugs that could lead to a range of similar attacks.

5 GPU Display Driver Security Bugs

The most severe of the five bugs in the GPU display driver is tracked as CVE-2021-1074, which rates 7.5 out of 10 on the CVSS vulnerability scale, making it high-severity. It exists in the display driver’s installer, and allows an attacker with local system access to replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, denial of service, or information disclosure.


Another high-severity bug, CVE-2021-1075, rates 7.3 on the CVSS scale. It affects all versions of the Nvidia GPU display driver for Windows and lies in the kernel-mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the program dereferences a pointer to a memory location that is no longer valid. This may lead to code execution, denial of service, or escalation of privileges.

Two medium-severity flaws, CVE-2021-1076 and CVE-2021-1077, both rate 6.6 on the CVSS scale. The former affects all versions of the Nvidia GPU display driver for Windows and Linux: improper access control in the kernel-mode layer (nvlddmkm.sys or nvidia.ko) may lead to denial of service, information disclosure, or data corruption. The latter affects the R450 and R460 driver branches of the Nvidia GPU display driver for Windows and Linux, where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.

And finally, the medium-severity CVE-2021-1078 rates 5.5 on the CVSS scale. It affects all versions of the Nvidia GPU display driver for Windows, where a NULL pointer dereference in the kernel driver (nvlddmkm.sys) may lead to a system crash.

8 Nvidia vGPU Software Vulnerabilities

Meanwhile, Nvidia’s vGPU software has eight different security holes. The virtualized GPU allows computing acceleration tailored for resource-intensive workloads like graphics-rich virtual workstations, data science and artificial intelligence.

The first four bugs are high-severity input-validation bugs that can lead to information disclosure, data tampering or DoS.

These are:

  • CVE-2021-1080 (7.8 on the CVSS scale): A vulnerability in the vGPU Manager (vGPU plugin), in which certain input data is not validated;
  • CVE-2021-1081 (7.8): A vulnerability in the guest kernel-mode driver and vGPU Manager (vGPU plugin), in which an input length is not validated;
  • CVE-2021-1082 (7.8): A vulnerability in the vGPU Manager (vGPU plugin), stemming from an input length not being validated;
  • CVE-2021-1083 (7.8): A vulnerability in the guest kernel-mode driver and vGPU Manager (vGPU plugin), also arising from an input length not being validated.

The other four could lead to a variety of outcomes if exploited:

  • CVE-2021-1084 (7.8): A vulnerability in the guest kernel-mode driver and vGPU Manager (vGPU plugin), in which an input length is not validated, which may lead to data tampering or DoS;
  • CVE-2021-1085 (7.3): A vulnerability in the vGPU Manager (vGPU plugin) could allow an attacker to write to a shared-memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges;
  • CVE-2021-1086 (7.1): A vulnerability in the vGPU Manager (vGPU plugin) allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss, or information disclosure;
  • CVE-2021-1087 (5.5): A vulnerability in the vGPU Manager (vGPU plugin) could allow an attacker to retrieve information that could lead to an address space layout randomization (ASLR) bypass, which in turn could crack open the door to memory-corruption bug exploitation.
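
As an added illustration (not Nvidia's code and not taken from the advisory), the following C shows the bug class described for CVE-2021-1085: a length is validated in memory the guest can still write and is then read again for use, set beside the fix of validating and using a private snapshot. The struct, MAX_PAYLOAD, race_hook and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_PAYLOAD 64u

/* Hypothetical guest-to-host message in memory the guest can still write. */
struct shared_msg {
    volatile uint32_t len;        /* guest-controlled length */
    volatile uint8_t  data[256];  /* guest-controlled payload */
};

/* Hook standing in for a concurrent guest write (constructed for the demo). */
static void (*race_hook)(struct shared_msg *) = 0;

/* Flawed pattern: validates len, then fetches it again for use. Returns the
   length it would copy; the copy is omitted so nothing is written out of bounds. */
uint32_t handle_double_fetch(struct shared_msg *m) {
    if (m->len > MAX_PAYLOAD) return 0;  /* check: first fetch */
    if (race_hook) race_hook(m);         /* guest rewrites len here */
    return m->len;                       /* use: second fetch, unchecked */
}

/* Hardened pattern: fetch once, validate the private copy, use only the copy. */
uint32_t handle_snapshot(struct shared_msg *m, uint8_t out[MAX_PAYLOAD]) {
    uint32_t len = m->len;               /* single fetch */
    if (race_hook) race_hook(m);         /* later guest writes no longer matter */
    if (len > MAX_PAYLOAD) return 0;     /* validate the snapshot */
    for (uint32_t i = 0; i < len; i++) out[i] = m->data[i];
    return len;
}

static void grow_len(struct shared_msg *m) { m->len = 200; }

/* Runs both handlers against the same race; 1 means only the hardened one held. */
int demo(void) {
    static struct shared_msg m;
    uint8_t out[MAX_PAYLOAD];
    race_hook = grow_len;
    m.len = 16; uint32_t a = handle_double_fetch(&m);
    m.len = 16; uint32_t b = handle_snapshot(&m, out);
    race_hook = 0;
    return a > MAX_PAYLOAD && b <= MAX_PAYLOAD;
}

int main(void) {
    printf("only the snapshot handler stayed in bounds: %d\n", demo());
    return 0;
}
```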

Nvidia has released patches to mitigate all of the bugs, which users can download through the Nvidia Driver Downloads page or, for the vGPU software update, through the Nvidia Licensing Portal. Affected version tables are available in Nvidia’s advisory, released Friday.

Nvidia continues to address security bugs on a regular basis. In January, it released fixes tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021. And soon after, it issued patches for its Tesla-based GPUs and its Shield TV lineup.


Discussion

  • Matthew Carven on

    So how much slower will my gpu be now that the cpu must check the length of pointered data on 4+8 vulnerabilities?
  • Harrison on

    Probably negligible to minor, depending on how heavy the CPU load of your application is.
  • Anonymous on

    So basically all of the security bugs are only if they already have access to your computer, whether it is through the internet or LAN. Just keep windows firewall up and make sure you do not connect random people to your LAN.
  • Black Knight on

    The exact driver that contains the fixes is not mentioned by version, which is a big oversight since this article is being quoted everywhere as a source. Please add that information; it seems to be 466.27
    • Tara Seals on

      Hi there -- so, there are multiple driver versions that patch the issues and they vary by which chip a machine has. I put a link into the story to the advisory, which has tables that list it all out, but here it is again: https://nvidia.custhelp.com/app/answers/detail/a_id/5172
