'

Nvidia discloses security flaws in its GPU drivers for Windows and Linux

Nvidia's Geforce 461.09 driver contains fixes, but they are not in the driver's release notes...

Nvidia discloses security flaws in its GPU drivers for Windows and Linux

Nvidia discloses security flaws in its GPU drivers for Windows and Linux

After the release of their Geforce 461.09 driver update, Nvidia disclosed several GPU Display Driver vulnerabilities which impacted many of the company's drivers for both Windows and Linux, confirming that these faults "may lead to denial of service, escalation of privileges, data tampering, or information disclosure."

While we are grateful to Nvidia for disclosing these vulnerabilities, we will note that Nvidia did not disclose any of these fixes within their Geforce 461.09 release notes. This prevented early reporting on the driver from containing the real reason why Nvidia released a new mainstream WHQL Geforce driver which lacked any new game-specific optimisations.

Come on Nvidia, why are you hiding such important details like that from your driver release notes? It is not a coincidence that this disclosure came on the same day as the fix, so why didn't you disclose the fix in your driver release notes. Surely these security fixes are important enough to mention in your consumer-facing documentation? If nothing else, disclosing these fixes in your release notes would convince more of your users to update their drivers and secure their systems. 
 
With these vulnerabilities in mind, Windows/Linux users of Nvidia graphics cards should update their drivers to versions 461.09/460.32.03 as soon as they can. Additional information about these vulnerabilities is available on Nvidia's Customer Support website.    

This disclosure has turned Nvidia's Geforce 461.09 driver from a minor release to a major one, assuming that you are security conscious. There is more to this driver than minor bug fixes...

Nvidia discloses security flaws in its GPU drivers for Windows and Linux  

461.09 WHQL Download Links

Windows 10 - 64 Bit

You can join the discussion on Nvidia's new Geforce 461.09 WHQL driver on the OC3D Forums.  

«Prev 1 Next»

Most Recent Comments

08-01-2021, 09:13:55

looz
There are legitimate reasons for not disclosing such issues right away, which kinda hints that the vulnerabilities are rather serious.Quote

08-01-2021, 10:44:32

WYP
Quote:
Originally Posted by looz View Post
There are legitimate reasons for not disclosing such issues right away, which kinda hints that the vulnerabilities are rather serious.
If the disclosure is released on the same day as the driver, the driver's release notes should mention it.

Based on the contents of this driver, it was only released to address these issues. The other fixes in this driver are typically released in the form of a Hotfix.

When security is on the line and the information is out there, there is little reason for Nvidia to not encourage more people to update their drivers. The only reason no to in this case is to avoid scrutiny and for fewer people to see the disclosure.Quote

08-01-2021, 12:35:58

looz
Ah I'm an idiot and didn't spot that they did list the CVEs on another page - yeah a strange move.Quote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.