Nvidia’s First Patch of 2021 Addresses Sixteen CVEs
In it’s first patch of 2021, popular gaming-GPU manufacturer, Nvidia, has addressed a multitude of high-severity flaws affecting its graphic driver. The vulnerabilities in question would allow threat actors to cripple systems with DoS attacks, escalate privileges, tamper with data, or otherwise target sensitive data.
Nvidia released the patch last Thursday, addressing 16 CVEs overall. The most severe being CVE-2021-1051, an issue in the graphic driver’s kernel, having been assigned a CVSS score of 8.4 out of 10, thus making it a high severity vulnerability.
The other CVEs addressed are:
- CVE‑2021‑1052
- CVE-2021-1053
- CVE-2021-1054
- CVE-2021-1055
- CVE-2021-1056
- CVE-2021-1057
- CVE‑2021‑1058
- CVE-2021-1059
- CVE‑2021‑1060
- CVE-2021-1061
- CVE‑2021‑1062
- CVE‑2021‑1063
- CVE‑2021‑1064
- CVE-2021-1065
- CVE‑2021‑1066
We highly recommend applying the patch to any of your systems running a Nvidia GPU. Beyond its graphics drivers, Nvidia warned of flaws tied to nine high-severity CVEs in its virtual GPU (vGPU) software. Nvidia’s vGPU creates graphics-focused virtual desktops and workstations in tandem with the company’s data center Tesla accelerator GPUs.
Sources: