Support NeoGAF

[Topher]

Nvidia has released one of its rare security bulletins over the last 24 hours, disclosing 15 security vulnerabilities that affect its Windows and Linux graphics drivers. Nine are marked as "high-severity", as they could allow attackers to bork* your PC, gain administrative access, exfiltrate personal data and/or execute arbitrary code. All the bad stuff, basically.

For GeForce graphics card owners, it's therefore recommended to update your drivers to the latest available version, with all versions prior to 596.36 (for modern GeForce GPUs) or 482.53 (for GTX 10-series and earlier GPUs) vulnerable to some or all of these exploits.

If you have the Nvidia app installed on Windows and update your drivers when prompted, it's likely that you're already on the latest 596.49 update released a week ago, but do check to make sure.

For Linux users, your target version is 590.48.01 and you can use the console command nvidia-smi (or the GUI alternative nvidia-settings) to check your current installed driver version. Using your OS package manager to install the latest available updates is normally the best way to proceed on most distributions.

The Nvidia disclosure page includes all of the grisly technical details if you'd like to learn more, including information of interest to owners of non-gaming GPUs like Quadro, NVS and Tesla.

PSA - Upgrade Your Nvidia Graphics Drivers To Avoid a "High-Severity" Vulnerability

Game Ready driver 596.36 includes fixes; all earlier versions susceptible.

www.digitalfoundry.net

---

 

[Bojji]

Good to know. I'm already on 596.49.

 

[SlimySnake]

Spoiler

im still on windows 10 so im already yolo'ing. but this sounds serious. fuck. i hate installing new nvidia drivers. you never know which one will downgrade performance randomly in games.

 

[Guardian Monkey]

I upgrade mine whenever they are available. Because fuck it, that's why.

 

[The Cockatrice]

Aren't these security flaws common with every driver?

 

[Hudo]

Thanks. Updating right now.

 

[PauloRoberto]

NINE high severity security vulnerabilities? Holy moly... Why the heck didn't they use AI to find those quicker? (#LowBlow)

 

[Guilty_AI]

Nah, prob an issue for workstations but these types of vulnerabilities rarely matter in home computers

 

[Black_Stride]

Update drivers?

I dont WANNA!!!!!!

Ill do it in the morning, my PC is busy right now.

 

[GudOlRub]

Why the heck didn't they use AI to find those quicker? (#LowBlow)

They are, hence this warning.
I'm seeing it all over the IT industry, until last month security was just an afterthought where I work at, now every CI/CD pipeline gets blocked every single week from some new vulnerability that shows up.
Most big companies have begun to understand that they cannot fuck around anymore with AI being so capable of finding holes in the security of their systems.

 

[diffusionx]

Nvidia has their B team on gaming.

 

[Thick Thighs Save Lives]

Thanks. I'm not taking chances so I'm updating to the newest nvidia driver now.

 

[Three]

Nah, prob an issue for workstations but these types of vulnerabilities rarely matter in home computers

How/why exactly? This affects all earlier versions of game ready drivers.

 

[PauloRoberto]

They are, hence this warning.
I'm seeing it all over the IT industry, until last month security was just an afterthought where I work at, now every CI/CD pipeline gets blocked every single week from some new vulnerability that shows up.
Most big companies have begun to understand that they cannot fuck around anymore with AI being so capable of finding holes in the security of their systems.

I dont quite agree with that (im a senior backend dev, and i get you are saying), Nvidia, evne for advertising, should be the FIRST to show these kinds of AI applications.

And Linus (you know, Linux) is tired of having the same 500 reports of the same hypothetical fail, so even this AI practical usage is not that well used...

 

[Guilty_AI]

How/why exactly? This affects all earlier versions of game ready drivers.

i'm talking about basic risk assessment.

 

[Three]

i'm talking about basic risk assessment.

What do you mean? As in only workstations have sensitive stuff on it or will be targeted?
Not sure about that, malware can spread fast for known vulnerabilities.

 

[Guilty_AI]

What do you mean? As in only workstations have sensitive stuff on it or will be targeted?

That and vectors with which an attacker can get access to the computer to begin with - necessary step for these types of vulnerabilities to even matter. In a company, there are multiple ways for an attacker to gain access to a computer, through one of multiple employees, direct physical access, or even being a employee themselves. As such, the computer itself being secure is important. But for a home computer only you use? As long as you're not downloading weird stuff from the net or clicking suspicious links, it is very unlikely.