Here we are again. NVIDIA has today sent out a security bulletin to inform users on Linux and Windows to ensure your GPU drivers are up to date due to freshly revealed security problems.
The issues can result in information disclosure, data tampering, and denial of service. As always, even if you think you're not vulnerable for whatever reason, upgrading is highly recommended now.
Here's those that are specific to Linux:
CVE ID | Description | Base Score | Vector |
---|---|---|---|
CVE‑2021‑1090 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service. | 7.1 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
CVE‑2021‑1093 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. | 6.2 | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVE‑2021‑1094 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure. | 6.1 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |
CVE‑2021‑1095 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service. | 5.5 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Those are what's relevent to us normal desktop users. However there's also issues identified in their NVIDIA vGPU Software too.
How to know if you're okay? NVIDIA also detailed what driver versions are good:
Software Product | Operating System | Driver Branch | Affected Driver Versions | Updated Driver Version |
---|---|---|---|---|
GeForce | Linux | R470 | All versions | 470.57.02 |
R460 | All versions prior to 460.91.03 | 460.91.03 | ||
NVIDIA RTX/Quadro, NVS | Linux | R470 | All versions | 470.57.02 |
R460 | All versions prior to 460.91.03 | 460.91.03 | ||
R390 | All versions prior to 390.144 | 390.144 |
In other words, grabbing the very latest driver (NVIDIA 470.57.02 from July 20) is likely your best choice and with all the new features too, it's a good one to try out regardless.
Quoting: GuestI really wonder why Linux players keep buying nVIDIA GPUs despite these being the worst option we have on Linux for at least half a dozen years already…
AMD hasn't been a viable gaming option in laptops for years as there hasn't been much available in the way of gaming laptops with AMD dGPU's. Fortunately, it sounds like that might be finally starting to change. Sounds like there will be a version of the Lenovo Legion in the coming months that will have an AMD dGPU.
Also, it wasn't until recently that for the first time in a while that AMD has become competitive with Nvidia in terms of performance, which is great.
Quoting: morbiusUpdated to 470.57.02, seems to be working. It was a solid excuse for me to migrate on a new stable driver branch.
Spoke too soon. Browsers started doing small freezes while scrolling content and their video playback also has small freezes and stutters. Rolling back the old 460 driver to check if 470 was indeed the cause.
Quoting: scainethat's just a Linux issue
Mmm, yes and no. It's an AMD issue and also a DRIVER issue but NOT a hardware issue. And no, I'm not a "fan" of any of the companies, I just use whatever works best and faster. For over 10 years I used about 12 different AMD cards - back when I was a Windows user. There's a lot I can say about AMD but they all had one thing in common: too hot and too slow, all AMD failed at AA and AF + the R-series had a bad driver, constantly crashing. Since 2015 (when I migrated to linux) I'm with nvidia and all of the problems I ever had with AMD cards disappeared, including the crashing driver. I also don't have to look at games' requirements anymore - I just run and play them. :D The ONLY 2 AMD cards from those times that I ever owned that performed better than any nvidia were Radeon 9550 with a missing fan and later - HD6670.
As for the nvidia security issues, I'm pretty sure that for these issues to work there must be certain conditions met (just like with many of the linux kernel sec. issues), so I for one have nothing to worry about.
See more from me