The Federal Office for Information Security has published a security notice in which the authority has identified several vulnerabilities in the NVIDIA driver with the Risk level 4 assessed. Thanks to the security holes, local attackers are able to take control of the system. The graphics card manufacturer has already reacted and published a corresponding update. Said update fixes a total of 01 vulnerabilities. This also includes ten holes in NVIDIA’s Virtual GPU (vGPU) management software.

Both Windows and Linux users are affected by the exploits. However, attackers must gain local access to the systems in order to take control by exploiting the loopholes. Nonetheless, all users are strongly advised to apply said update immediately. However, all Linux users still have to log in until 18. January 2021 be patient. Only then should an update for the Linux GPU display driver be available.

The current NVIDIA drivers can either be downloaded directly from the manufacturer’s official website or downloaded and installed using the GeForce Experience software.

In addition, corresponding updates with the Windows GPU display driver for the versions 460. 84, 457. 49 such as 452. 66 distributed. Further information on the mentioned vulnerabilities can be found in the NVIDIA Security Bulletin. A detailed entry can be found here. Even if your own computer is only locally vulnerable, you should not wait to update the driver.

In addition to NVIDIA, AMD also reported weaknesses in its own graphics drivers and the Ryzen Master in October last year. Employees of the Cisco Talos Sourcefire Vulnerability Research Team found, among other things, the CVE vulnerability – 2020 – 12911 in the ATIKMDAG.SYS of the ATI kernel mode driver package.