Thursday, January 14, 2021

Nvidia warns gamers and miners about GPU glitches - update immediately!

Key facts:
The GeForce maker released patches to fix flaws that affect Windows and Linux systems.
Several of the vulnerabilities make video adapters attack vectors.

Graphics card (GPU) users should download the latest update released by Nvidia as soon as possible to avoid security issues. This is because the manufacturer of the preferred hardware for gamers and cryptocurrency miners, released a series of patches to correct flaws. These vulnerabilities are housed in the video adapter or display driver used to support graphics processing units, as well as in the vGPU software for virtual workstations, servers, applications, and PCs.

According to the report published by the company, the update solves 16 vulnerabilities that affect Windows and Linux operating systems that could be exploited by malicious hackers to manipulate data, paralyze systems with denial of service attacks, escalate privileges or leak confidential information.

The most severe vulnerability received a score of 8.4 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. A standard designed to identify the severity represented by a particular failure or weakness of computer systems.

In particular this critical flaw, identified under the code CVE - 2021-1051 resides in the display driver of GPUs installed in Windows systems. If exploited, it can lead to denial of service attacks or privilege escalation attacks. The positive side of this vulnerability is that an attacker must access the hardware locally to be exploited, which reduces the risk. Even so, you will need to update your drivers to avoid serious consequences.

Other GPU glitches resolved by Nvidia

Another dangerous bug with a severity score of 7.8 / 10, is also in the display driver of Nvidia graphics cards, but it affects not only Windows systems, but also Linux. Allows users to access the API with administrator privileges. As a result, an exploit that exploits this vulnerability could lead to the aforementioned security issues such as denial of service, escalation privileges, and information leaks.

Also, the vGPU plugin from the Nvidia administrator could grant privileges to a guest who was not authorized. That could allow some users, in a virtualized environment, to spy on other vGPU users with the idea of looking at data they might not otherwise see.

Virtual GPUs, also known as vGPUs are useful for graphics-rich virtual desktops and workstations optimized with video cards. They are mainly used by the most powerful data centers in the world, hence the importance of reducing the chances that controller failures can affect these environments.

To contain security concerns, GeForce, NVIDIA RTX / Quadro, and NVS GPU users should download update 461.09 on Windows or 460.32.03 on Linux. The company also mentions the release of patches for vGPU software for Windows and Linux, as well as vGPU software for Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, and Nutanix AHV.

GPUs are the hardware of choice for mining Ethereum and other cryptocurrencies. In fact, the market for crypto assets has been a catalyst for Nvidia for the past three years, as miners have consumed its GPUs in large quantities to mine cryptocurrencies.

A report from CriptoNoticias two years ago highlights that cryptocurrency miners acquired in 2017 more than 3 million graphic cards - of the AIB (Add-in-Board) type -, for a total cost of USD 776 million. AMD, the other manufacturer of these computers, was the one that made the most profits at that time.

In any case, high-end video cards, originally designed for better clarity and realism in video games, were the first used to achieve higher processing speed in cryptocurrency mining. The next step was the use of cards with processors that employ programmable matrices (FPGAs), then progressed with specialized chips called ASICs (Application Specific Integrated Circuit according to its acronym in English).