Skip to main content

Nvidia patches 12 serious security flaws — what to do right now

(Image credit: Nvidia)

Nvidia wants you to patch your graphics-card drivers, because there are 12 serious security vulnerabilities affecting Nvidia software for Windows and Linux.

The flaws "may lead to denial of service, escalation of privileges, or information disclosure," according to an Nvidia security bulletin posted yesterday (June 24). "Code execution" gets mentioned too.

In other words, the Nvidia software could just stop working, or could be exploited by malware already on the machine to gain administrative privileges, steal personal or sensitive information or run even more malware. 

However, the vulnerabilities cannot be exploited from outside your local network, so an attacker would need to be at or close to your machine to use any of the flaws.

Five of the flaws affect the Nvidia GeForce software for Windows, which needs to be updated to version 451.48. Linux GeForce software is affected by two vulnerabilities, one of which is among the Windows five; Linux software needs to be updated to version 450.51. The same vulnerabilities affect the professional Quadro, NVS and Tesla drivers.

The other six flaws affect Nvidia's virtual GPU software for virtual machines in enterprise environments.

To update your drivers, simply make sure you're logged in as a system administrator (the default on both Windows and most versions of Linux), open the GeForce interface and click on the Drivers button on the upper left. Some Linux distributions may package the driver updates with regular software updates.

Alternately, you can go to Nvidia's Driver Downloads page and plug in your product and system information to manually download and install the driver.

This is a bigger batch of flaws than the previous Nvidia security updates, which involved two vulnerabilities back in March 2020.

Paul Wagenseil
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. That's all he's going to tell you unless you meet him in person.