Nvidia wants you to patch your graphics-card drivers, because there are 12 serious security vulnerabilities affecting Nvidia software for Windows and Linux.
The flaws "may lead to denial of service, escalation of privileges, or information disclosure," according to an Nvidia security bulletin (opens in new tab) posted yesterday (June 24). "Code execution" gets mentioned too.
- Our list of the best gaming PCs
- Nvidia GeForce RTX 3080 benchmarks leaked — AMD should worry
- New: Steam Summer Sale 2020 is live — the best deals so far
In other words, the Nvidia software could just stop working, or could be exploited by malware already on the machine to gain administrative privileges, steal personal or sensitive information or run even more malware.
However, the vulnerabilities cannot be exploited from outside your local network, so an attacker would need to be at or close to your machine to use any of the flaws.
Five of the flaws affect the Nvidia GeForce software for Windows, which needs to be updated to version 451.48. Linux GeForce software is affected by two vulnerabilities, one of which is among the Windows five; Linux software needs to be updated to version 450.51. The same vulnerabilities affect the professional Quadro, NVS and Tesla drivers.
The other six flaws affect Nvidia's virtual GPU software for virtual machines in enterprise environments.
To update your drivers, simply make sure you're logged in as a system administrator (the default on both Windows and most versions of Linux), open the GeForce interface and click on the Drivers button on the upper left. Some Linux distributions may package the driver updates with regular software updates.
Alternately, you can go to Nvidia's Driver Downloads page (opens in new tab) and plug in your product and system information to manually download and install the driver.
This is a bigger batch of flaws than the previous Nvidia security updates, which involved two vulnerabilities back in March 2020.