
Here's something we missed with the latest NVIDIA driver updates: it turns out that NVIDIA disclosed multiple security issues in a recent security bulletin. Multiple issues affect both Windows and Linux, across multiple versions of the official NVIDIA proprietary driver.

The ones that affect the Linux desktop are:

  • CVE-2021-1052: "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure."
  • CVE-2021-1053: "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service."
  • CVE-2021-1056: "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure."

There are also some vGPU security issues, which affect Linux as well, but they're not regular desktop stuff.

If you want to make sure you're totally safe, you should update to the latest driver in the series you're using. Going by the information on the NVIDIA security page, you should be good on 460.32.03 (or better), which is the latest "Production Branch" driver, as well as on 450.102.04 and 390.141, the latest Legacy driver.
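One way to apply the version guidance above, as an added example that is not from the article or from NVIDIA: it compares a driver version against the fixed release of its own branch, since a plain "greater than 450.102.04" test would wrongly pass releases from branches the article does not name. The function names are hypothetical, GNU `sort -V` is assumed, and treating branches newer than 460 as patched is an assumption based on the article's "(or better)".

```shell
#!/bin/sh
# Added example: classify an NVIDIA Linux driver version against the fixed
# releases named in the article (460.32.03, 450.102.04, 390.141).

# version_ge A B: succeed when dotted version A >= B (needs GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# smi_driver_version: read nvidia-smi output on stdin, print the driver version.
smi_driver_version() {
    sed -n 's/.*Driver Version: *\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# driver_status VERSION: print patched, needs-update, or unlisted.
driver_status() {
    ver=$1
    branch=${ver%%.*}            # release branch = first version component
    case $branch in
        460) fixed=460.32.03 ;;
        450) fixed=450.102.04 ;;
        390) fixed=390.141 ;;
        ''|*[!0-9]*) echo unlisted; return ;;
        *)
            # Assumption: branches newer than 460 postdate the fix. Any other
            # branch has no fixed release named in the article.
            if [ "$branch" -gt 460 ]; then echo patched; else echo unlisted; fi
            return ;;
    esac
    if version_ge "$ver" "$fixed"; then echo patched; else echo needs-update; fi
}

# Constructed sample: a header line in the format `nvidia-smi | grep Version` prints.
sample='| NVIDIA-SMI 460.32.03    Driver Version: 460.32.03    CUDA Version: 11.2     |'
ver=$(printf '%s\n' "$sample" | smi_driver_version)
echo "$ver: $(driver_status "$ver")"
```

On a real system, replace the sample with `nvidia-smi | smi_driver_version`; an "unlisted" result means the bulletin itself has to be consulted for that branch.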

You can look out for future security info here from NVIDIA.

Article taken from GamingOnLinux.com.
20 comments

Basiani Jan 10, 2021
Latest Nvidia driver also has bug for Detroit: Become Human, you can't play after chapter 28, it crashes, need to downgrade 440. After some search in web, it's clear that same happens on Windows too. So, newer drivers have not only security problems.


Last edited by Basiani on 10 January 2021 at 12:39 pm UTC
Xpander Jan 10, 2021
i'm safe at least :)

xpander@archlinux ~ $ nvidia-smi | grep Version
| NVIDIA-SMI 460.32.03    Driver Version: 460.32.03    CUDA Version: 11.2     



but yeah, things like these happen quite a lot lately. More research is put into checking this kind of stuff i guess?


Latest Nvidia driver also has bug for Detroit: Become Human, you can't play after chapter 28, it crashes, need to downgrade 440. After some search in web, it's clear that same happens on Windows too. So, newer drivers have not only security problems.

Ohh that's weird... i played through all of the game with 450.xx drivers..different ones. haven't tried on 460 though


Last edited by Xpander on 10 January 2021 at 1:11 pm UTC
Liam Dawe Jan 10, 2021
Edit: What about the Beta driver: 460.27.04 which is the one I ran the last weeks before the latest release driver, were they affected by this too?
The versions listed in the article are what NVIDIA say are safe.
Basiani Jan 10, 2021
Ohh that's weird... i played through all of the game with 450.xx drivers..different ones. haven't tried on 460 though

Yes, 450 works well for Detroit. 460 crashes when starting chapter 29 "Last Chance, Connor". I played that game whole two days and every attempt to play chapter 29 it was crashing. A little search I found that same problem have Windows users and fix was just downgrade Nvidia's driver. Tried downgrade driver on Arch Linux, but there was multiple dependencies and it failed, so temporarily I installed Ubuntu with Nvidia-450 and finished game with mostly good ending. Yeah, today going back again to Arch.


Last edited by Basiani on 10 January 2021 at 3:19 pm UTC
whizse Jan 10, 2021
I'm getting sick of nvidia, time to upgrade to a more open company
"Escalation of privileges, information disclosure" - seems wide open to me?
Shaddycat Jan 10, 2021
Doesn't work on my machine. I get stuck at a super low resolution and 76 Hz. Using a GTX 1080 on Mint. Anyone else have a similar issue?

I'll just stick to 450 for now I think.
14 Jan 10, 2021
Creating security vulnerabilities is a great way to motivate your user-base to get off old code.
Schattenspiegel Jan 10, 2021
Doesn't work on my machine. I get stuck at a super low resolution and 76 Hz. Using a GTX 1080 on Mint. Anyone else have a similar issue?

I'll just stick to 450 for now I think.
Did you manually upgrade from the nvidia page or did you use the driver tool provided by Linux Mint in combination with the ppa?


Last edited by Schattenspiegel on 10 January 2021 at 7:21 pm UTC
slaapliedje Jan 10, 2021
Ohh that's weird... i played through all of the game with 450.xx drivers..different ones. haven't tried on 460 though

Yes, 450 works well for Detroit. 460 crashes when starting chapter 29 "Last Chance, Connor". I played that game whole two days and every attempt to play chapter 29 it was crashing. A little search I found that same problem have Windows users and fix was just downgrade Nvidia's driver. Tried downgrade driver on Arch Linux, but there was multiple dependencies and it failed, so temporarily I installed Ubuntu with Nvidia-450 and finished game with mostly good ending. Yeah, today going back again to Arch.
I really should play through that game, I bought it when it came out on the PS4 though as I thought it was going to be an exclusive one for some reason.
TheRiddick Jan 10, 2021
The AMD 6000 series of GPUs work on kernel 5.10 just fine but a lot of nice features for them won't appear until kernel 5.12... THAT is the one downside to open-source, it can take a little while for all the features to be exposed.

I gotta give it to NVIDIA for keeping their driver updated all by themselves, but obviously they have a method of porting code from their windows drivers to Linux which appears to mostly work with a few work around caveats.

I've found updating GPU drivers and MESA to be much easier under Arch based Linux, AUR is a godsend also! The whole PPA Ubuntu random packages method was rather clunky to deal with!


Last edited by TheRiddick on 10 January 2021 at 9:44 pm UTC
Shaddycat Jan 10, 2021
Doesn't work on my machine. I get stuck at a super low resolution and 76 Hz. Using a GTX 1080 on Mint. Anyone else have a similar issue?

I'll just stick to 450 for now I think.
Did you manually upgrade from the nvidia page or did you use the driver tool provided by Linux Mint in combination with the ppa?

I updated with the driver tool provided by Mint.
tuubi Jan 10, 2021
I've found updating GPU drivers and MESA to be much easier under Arch based Linux, AUR is a godsend also! The whole PPA Ubuntu random packages method was rather clunky to deal with!
A Mesa update is just as simple to install as any other update, isn't it?

Are the packages in AUR less "random" than ones in a PPA?
Schattenspiegel Jan 10, 2021
I updated with the driver tool provided by Mint.
Sorry, no clue then.
slaapliedje Jan 11, 2021
I've found updating GPU drivers and MESA to be much easier under Arch based Linux, AUR is a godsend also! The whole PPA Ubuntu random packages method was rather clunky to deal with!
A Mesa update is just as simple to install as any other update, isn't it?

Are the packages in AUR less "random" than ones in a PPA?
Well mesa being a library that a lot of things depend upon, and PPAs basically being a wild west and not officially supported by Ubuntu...
And with Arch they are core libraries and so things that need to be rebuilt on those are rebuilt at the same time the libraries are. It is one of the 'pros' of running a Rolling release. If you are someone who always needs bleeding edge drivers / libraries, Arch is fantastic at keeping things up to date. If I ran AMD stuff, I would probably just stick to Arch.
Snaps were created to try and stop the many PPAs from being needed.
tuubi Jan 11, 2021
I've found updating GPU drivers and MESA to be much easier under Arch based Linux, AUR is a godsend also! The whole PPA Ubuntu random packages method was rather clunky to deal with!
A Mesa update is just as simple to install as any other update, isn't it?

Are the packages in AUR less "random" than ones in a PPA?
Well mesa being a library that a lot of things depend upon, and PPAs basically being a wild west and not officially supported by Ubuntu...
A wild west just like AUR then. I use a grand total of three PPAs on my gaming/entertainment box currently BTW, one owned and updated by a Valve employee, and the other two by the teams who develop the software I download from those PPAs. Do you always check who wrote the pkgbuilds you download from AUR?

And with Arch they are core libraries and so things that need to be rebuilt on those are rebuilt at the same time the libraries are. It is one of the 'pros' of running a Rolling release.
Having to build a bunch of stuff yourself is a pro?

I was a Gentoo user for a couple of years so I see what you're trying to say, but for most users that really isn't a pro.

If you are someone who always needs bleeding edge drivers / libraries, Arch is fantastic at keeping things up to date. If I ran AMD stuff, I would probably just stick to Arch.
I don't see why I would, and I actually run AMD stuff. If you mainly use your computer for gaming, you're best off running something close to what game developers test against, with just your graphics drivers updated to the latest and greatest.

There are good reasons to prefer a rolling distro but gaming isn't one. If you just want to play your games, you don't really care about most libraries being bleeding edge as much as you care about having a supported system. That's why we have steam runtimes and whatnot.

Snaps were created to try and stop the many PPAs from being needed.
I doubt that was even in the top five reasons.



I guess this discussion is a bit off topic here.
Philadelphus Jan 11, 2021
So, obviously security vulnerabilities are bad and I'm going to update ASAP, but just how bad are these, really? Do I have to worry about some carefully crafted bad GIF on a shady website making my GPU run arbitrary code as root, or what?
slaapliedje Jan 12, 2021
So, obviously security vulnerabilities are bad and I'm going to update ASAP, but just how bad are these, really? Do I have to worry about some carefully crafted bad GIF on a shady website making my GPU run arbitrary code as root, or what?
I learned recently of a new fetish about people who get aroused by rescuing people from quicksand. They are apparently called Sinkers... so your computer will get filled with sinker porn!
a0kami Jan 12, 2021
So, obviously security vulnerabilities are bad and I'm going to update ASAP, but just how bad are these, really? Do I have to worry about some carefully crafted bad GIF on a shady website making my GPU run arbitrary code as root, or what?


Nah, the rendering is done by the browser and through the compositor. You'd likely have to run a rogue application or a very badly designed rendering application that'd run arbitrary code. I'll try to go get some more information.

Fun fact: simple stuff taken for granted like jpg libraries had countless vulns and exploits in older versions, and carefully crafted image files could have been detrimental.
https://security.stackexchange.com/questions/97856/can-simply-decompressing-a-jpeg-image-trigger-an-exploit
Not to even mention ImageTragick.
Philadelphus Jan 13, 2021
Nah, the rendering is done by the browser and through the compositor. You'd likely have to run a rogue application or a very badly designed rendering application that'd run arbitrary code. I'll try to go get some more information.

Fun fact: simple stuff taken for granted like jpg libraries had countless vulns and exploits in older versions, and carefully crafted image files could have been detrimental.
https://security.stackexchange.com/questions/97856/can-simply-decompressing-a-jpeg-image-trigger-an-exploit
Not to even mention ImageTragick.
Interesting, thanks. While my question was a bit hyperbolic, I'm glad to learn about things like this.
slaapliedje Jan 13, 2021
Nah, the rendering is done by the browser and through the compositor. You'd likely have to run a rogue application or a very badly designed rendering application that'd run arbitrary code. I'll try to go get some more information.

Fun fact: simple stuff taken for granted like jpg libraries had countless vulns and exploits in older versions, and carefully crafted image files could have been detrimental.
https://security.stackexchange.com/questions/97856/can-simply-decompressing-a-jpeg-image-trigger-an-exploit
Not to even mention ImageTragick.
Interesting, thanks. While my question was a bit hyperbolic, I'm glad to learn about things like this.
I remember first reading about that and couldn't help but wonder how one would not notice a corrupted image with a payload, but when looking into it, sure enough it was possible simply because of the way jpg worked. Crazy.