The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory.
NVIDIA has recently disclosed three security vulnerabilities in the NVIDIA Shield TV, which could allow denial of service, escalation of privileges and data loss.
The NVIDIA Shield TV is a set-top device that acts as a hub for the smart home, streams PC games from a gaming PC to a TV and allows local and online media playback and streaming. Android games compatible with Android TV are compatible with the Shield TV and controller, as are those from NVIDIA’s GeForce market.
Separately, NVIDIA issued an updated security advisory for a cluster of security bugs in NVIDIA’s video-friendly graphics processing unit (GPU) Display Driver. These could plague Linux gamers and others with denial of service, escalation of privileges and information disclosure.
NVIDIA Shield TV Bugs
When it comes to the internet-of-things (IoT) device known as Shield TV, one high-severity bug (CVE‑2021‑1068) exists in the NVDEC component of the device, which is a hardware-based decoder. It arises because an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges. It carries a 7.8 CVSS score.
The other two bugs are medium-severity. The flaw tracked as CVE‑2021‑1069 exists in the NVHost function, and could lead to an abnormal reboot due to a null pointer reference, causing data loss.
Another, CVE‑2021‑1067, exists in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which could lead to denial of service or escalation of privileges.
To protect a system, users can download and install a software update through the update notification that will appear on the Home Screen, or by going to Settings>About>System update.
NVIDIA GPU Display Driver Kernel Bugs
Earlier in January, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021. An updated security advisory now includes the availability of patched Linux drivers for the Tesla line of GPUs, affecting CVE-2021-1052, CVE-2021-1053 and CVE-2021-1056.
Tesla is a line of GPU accelerator boards optimized for high-performance, general-purpose computing. They are used for parallel scientific, engineering, and technical computing, and they are designed for deployment in supercomputers, clusters and workstations.
The patches address one high-severity issue (CVE‑2021‑1052) in the graphics driver, which is the software component that enables a device’s operating system and programs to use NVIDIA’s high-level, gaming- and science-optimized graphics hardware.
It is found in the Linux kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL. Here, “user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges and information disclosure,” according to the company.
The other two Linux issues rate medium-severity. The first (CVE‑2021‑1053) also affects the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL, in which improper validation of a user pointer could lead to denial of service.
The second medium bug (CVE‑2021‑1056) is a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.
Full details on all of the GPU vulnerabilities are available in the security bulletin. Patched versions are as follows:
NVIDIA’s Line of Security Bugs
This is not NVIDIA’s first patching rodeo.
Last year, the company issued its fair share of patches, including fixes for two high-severity flaws in the Windows version of its GeForce Experience software and a patch for a critical bug in its high-performance line of DGX servers, both in October, and a high-severity flaw in its GeForce NOW application software for Windows in November.