GOT AN NVIDIA GRAPHICS CARD? Then you'd best upgrade to the latest drivers as five security flaws have been found in the older software.
These flaws were branded by Nvidia as high to medium severity and could leave systems open to privilege escalation attacks, denial of service attacks on Windows PCs, and local system code execution.
Other problems include the exposure of data and allowing specifically crafted malicious shaders to bork a GPU's input texture array to cause out of bounds access to the array. Basically, the flaws could lead to some serious problems for Nvidia users, up to effectively borking a computer if a full denial of service attack is executed.
GeForce cards on Windows 10 machines are affected if they are using the R430 build and are running drivers prior to 431.60. Quadro and NVS GPUs with the R430 build are affected if they are running drivers prior to 431.70, while GPUs with the R418 build are affected if they are running patches older than 426.00; all cards with the R400 build, as are R390 builds running drivers prior to 392.56.
Tesla GPUs don't get a free pass either, as all graphics accelerators with the R418 build are affected.
Patches that plug the flaws are available now for all cards except the Tesla R418 versions and the Quadro and NVS with the R400 build; drivers for those will come out 12 August and 19 August, respectively.
Nvidia said fixes might also be pushed put by GPU hardware makers: "Your computer hardware vendor may provide you with Windows driver version 431.23, 425.85, or 412.39 which also contain the security update."
Also, if you know the innards of your graphics card's build well, Nvidia added that its list of affected GPUs and versions "may not be a comprehensive list" of all those affected by the flaws. So best get patching just to be safe.
All in all, these flaws aren't likely to be exploited in a fashion that affects the average Jill or Jack at least, but it's worth making sure you're running the latest patches all the same, not least because they can offer performance boosts. µ
Linux hits the DeX
The Net' is closing in
Firm was quick to CClean up after the attack
Sorry (not Siri)