430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

NVIDIA addressed multiple code execution issues in GPU Drivers

NVIDIA released security patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including code execution issues. NVIDIA has released security updates to address a dozen vulnerabilities in GPU display drivers and vGPU software, some of them could lead to code execution. “NVIDIA has released a software security update for NVIDIA GPU Display […]

NVIDIA

NVIDIA released security patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including code execution issues.

NVIDIA has released security updates to address a dozen vulnerabilities in GPU display drivers and vGPU software, some of them could lead to code execution.

“NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, or information disclosure.” reads the security advisory published by NVIDIA.

“To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software update, through the NVIDIA Licensing Portal.”

One of the most severe vulnerabilities affecting the GPU drivers is the CVE‑2020‑5962 that affects the NVIDIA GPU display driver, it could be exploited by a local attacker to elevate privileges or cause a denial of service (DoS) condition.

Another severe flaw is CVE‑2020‑5963 which impacts in the CUDA driver, the second resides in the Inter Process Communication APIs and could lead to code execution, DoS, or information disclosure.

NVIDIA also addressed 4 vulnerabilities (CVE‑2020‑5964, CVE‑2020‑5965, CVE‑2020‑5966, CVE‑2020‑5967) affecting the GPU display driver,

The most severe one is the CVE‑2020‑5964 which could lead to code execution, denial of service, or information disclosure.

The company addressed four vulnerabilities in the vGPU plugin of the Virtual GPU Manager that could be exploited to execute code, cause a DoS condition, escalate privileges, or leak data,

The issues are caused by the incorrect restriction of operations within the boundaries of a resource (CVE‑2020‑5968), a race condition (CVE‑2020‑5969), lack of validation of input data size (CVE‑2020‑5970), or the reference of memory locations after the targeted buffer (CVE‑2020‑5971).

The flaws addressed by the vendor affect multiple versions of the GeForce, Quadro, NVS, and Tesla drivers for Windows and Linux, as well as various iterations of vGPU software for Windows, Linux, Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux with KVM, and Nutanix AHV.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, GPU)

[adrotate banner=”5″]

[adrotate banner=”13″]