NVIDIA has today revealed a bunch of new vulnerabilities in the GPU drivers that affect both Linux and Windows.
Here's the the list of what directly affects Linux:
CVE IDs | Description |
---|---|
CVE‑2021‑1076 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. |
CVE‑2021‑1077 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service. |
The driver versions you're going to want to have:
Driver Branch | Affected Versions | Updated Driver Version |
---|---|---|
R465 | All versions prior to 465.24.02 | 465.24.02 |
R460 | All versions prior to 460.73.01 | 460.73.01 |
R450 | All versions prior to 450.119.03 | 450.119.03 |
R390 | All versions prior to 390.143 | 390.143 |
From the information provided, it affects older GeForce cards as well as the newer RTX generation, plus Quadro / NVS too. So no matter what generation you're on, it's probably a good idea to get updating as soon as you can. Most distributions will have their own way of installing NVIDIA drivers, so it will depends on what you've got currently installed.
See the NVIDIA security page for more.
Some you may have missed, popular articles from the last month:
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
13 comments
I just got an update on Debian stable with back ports today too version Nvidia 460.67.
I have been using Debian Stable with NVIDIA drivers for 10+ years, but I'm thinking I may need to switch. Does any one have any comments on Arch over Debian?
I have been using Debian Stable with NVIDIA drivers for 10+ years, but I'm thinking I may need to switch. Does any one have any comments on Arch over Debian?
0 Likes
Isn't the 390 series too old to support any RTX chipsets? Sounds like (at least one of) the bugs have been around for quite some time.
Edit: maybe they updated the page since the article was written, but they do list GeForce as well as "NVIDIA RTX/Quadro, NVS"
Also, you can see that R390 was only affected by one of the issues, so perhaps the other only affects newer hardware; the CVE description is too vague to tell for sure.
Last edited by Phlebiac on 21 April 2021 at 6:42 am UTC
Edit: maybe they updated the page since the article was written, but they do list GeForce as well as "NVIDIA RTX/Quadro, NVS"
Also, you can see that R390 was only affected by one of the issues, so perhaps the other only affects newer hardware; the CVE description is too vague to tell for sure.
Last edited by Phlebiac on 21 April 2021 at 6:42 am UTC
0 Likes
I just got an update on Debian stable with back ports today too version Nvidia 460.67.
I have been using Debian Stable with NVIDIA drivers for 10+ years, but I'm thinking I may need to switch. Does any one have any comments on Arch over Debian?
I don't. :D ~23 years happy Debian here. Installed a Suse eons ago and have Ubuntu on my HTPC (VDR). Why do you think it's time to change for you?
0 Likes
Edit: maybe they updated the page since the article was written, but they do list GeForce as well as "NVIDIA RTX/Quadro, NVS"They could definitely make the list clearer for sure. Not exactly clear. The Windows table separates GeForce properly, the Linux table does not and mixes ot woth RTX so it's hard to tell exactly.
Also, you can see that R390 was only affected by one of the issues, so perhaps the other only affects newer hardware; the CVE description is too vague to tell for sure
Edit: actually seems they did update it, is clearer now.
Last edited by Liam Dawe on 21 April 2021 at 8:44 am UTC
0 Likes
I just got an update on Debian stable with back ports today too version Nvidia 460.67.
I have been using Debian Stable with NVIDIA drivers for 10+ years, but I'm thinking I may need to switch. Does any one have any comments on Arch over Debian?
I personally love using Arch, easy and convenient, at least in my case. Up to date packages, never had any problems. Pacman is a great package manager, and having AUR at your dispense is great. :) But you'll most like have to sit down and think about what attracts you to Debian, and if you want to leave it behind. Feel free to PM me, if you want to.
0 Likes
I just got an update on Debian stable with back ports today too version Nvidia 460.67.
I have been using Debian Stable with NVIDIA drivers for 10+ years, but I'm thinking I may need to switch. Does any one have any comments on Arch over Debian?
I use Debian on my laptop and Arch (LTS kernel) on my gaming rig. Once I set things up, it's not very different. Most notable differences are the package manager and the fact that Arch gets updates every second day. I usually update it 2 times a week, no issues. Advantage of that is that I always have the most up to day (non-beta) drivers without having to do anything extra.
0 Likes
Hmm. Stock *buntu seems to be late in the game.
My system updated from 460.39 to 460.56 a week ago. Nothing since.
My system updated from 460.39 to 460.56 a week ago. Nothing since.
0 Likes
I just got an update on Debian stable with back ports today too version Nvidia 460.67.
I have been using Debian Stable with NVIDIA drivers for 10+ years, but I'm thinking I may need to switch. Does any one have any comments on Arch over Debian?
Well, it can be slightly different and it can be fundamentally different, but it will be different for sure.
Slightly: much more frequent updates (somebody said every second day; ha! try every second hour) but much faster updates; no user-friendly Debian provisioning and no preconfigured "sane defaults" (it's your own job to tailor your system and your installed packages to fit your own needs); newer app versions and many more apps in the repos; much more transparent folder hierarchy (e.g. there's only one /bin folder); etc.
Fundamentally (if you choose so): running parts or all of the Linux stack (GPU drivers, kernel, Mesa, Wine/Proton, Ffmpeg, or whatever else) at their latest and greatest (...and buggiest) git versions, and even patching/modifying them on the fly as you please before you compile them; creating new packages for whatever apps may take your fancy that do not exist in the repos (or do exist but irk you for some reason) and then managing them through the system package manager like normal packages; going Gentoo and compiling everything from source using Arch's "official" compilation options via the ABS; etc.
The biggest thing with Arch Linux is that it forces you to become involved with your system in order to make it function correctly, at least for the first few months before everything is set just the way you like it. Whether you like that or not is yours to decide.
A simple example for what "involved" means: a couple of years ago I was annoyed that KDE's Dolphin wouldn't display thumbnails for WebP images. Well, after spending an afternoon or two googling for the solution and finding nothing, I eventually discovered that my system was missing a package called qt5-imageformats which is an optional dependency for KDE to display WebP thumbnails; but because that package is not part of the KDE group, I never saw it and so I never knew I needed to install it in order to have a fully functional KDE system. And there was nothing on Google when I looked it up because most distros come with such stuff already preconfigured, and so they already include qt5-imageformats when you opt to install their KDE version; so for most people out there, WebP thumbnail support in KDE has never been an issue!
Lesson learned: always check the optional dependencies of packages you install (I've since caught me a few more occasions like this where an "optional" dependency turned out to be absolutely required for full functionality).
0 Likes
Hmm. Stock *buntu seems to be late in the game.
My system updated from 460.39 to 460.56 a week ago. Nothing since.
The updated versions should be in the different supported Ubuntu releases soon, see https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-460-server/+bug/1923062
See also the queuebot messages in yesterday ubuntu-release IRC log: https://irclogs.ubuntu.com/2021/04/20/%23ubuntu-release.html
The updates should be available soon. I guess Hirsute is not mentioned due to its pending release tomorrow but should get them soon too.
1 Likes, Who?
The updates should be available soon.
Thanks for the info. Good to know it is in the works. My systems are not high-risk, but I am sure there are others that are.
Last edited by no_information_here on 21 April 2021 at 8:57 pm UTC
0 Likes
The updates should be available soon.
Thanks for the info. Good to know it is in the works. My systems are not high-risk, but I am sure there are others that are.
I got the 460.73.01 drivers on my 20.04 system today.
And its upgraded for all releases from 18.04 up to the upcoming 21.10 impish idri, except for the eol ones:
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-460
1 Likes, Who?
I got the 460.73.01 drivers on my 20.04 system today.Me, too!
1 Likes, Who?
I got the 460.73.01 drivers on my 20.04 system today.Me, too!
Update came through for me as well.
0 Likes
See more from me