Nvidia patches 12 serious security flaws — what to do right now

(Image credit: Nvidia)

Nvidia wants you to patch your graphics-card drivers, because there are 12 serious security vulnerabilities affecting Nvidia software for Windows and Linux.

The flaws "may lead to denial of service, escalation of privileges, or information disclosure," according to an Nvidia security bulletin posted yesterday (June 24). "Code execution" gets mentioned too.

In other words, the Nvidia software could just stop working, or could be exploited by malware already on the machine to gain administrative privileges, steal personal or sensitive information or run even more malware. 

However, the vulnerabilities cannot be exploited from outside your local network, so an attacker would need to be at or close to your machine to use any of the flaws.

Five of the flaws affect the Nvidia GeForce software for Windows, which needs to be updated to version 451.48. Linux GeForce software is affected by two vulnerabilities, one of which is among the Windows five; Linux software needs to be updated to version 450.51. The same vulnerabilities affect the professional Quadro, NVS and Tesla drivers.

The other six flaws affect Nvidia's virtual GPU software for virtual machines in enterprise environments.

To update your drivers, simply make sure you're logged in as a system administrator (the default on both Windows and most versions of Linux), open the GeForce interface and click on the Drivers button on the upper left. Some Linux distributions may package the driver updates with regular software updates.

Alternately, you can go to Nvidia's Driver Downloads page and plug in your product and system information to manually download and install the driver.

This is a bigger batch of flaws than the previous Nvidia security updates, which involved two vulnerabilities back in March 2020.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.