Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Bug Graphics Windows Linux

NVIDIA Fixes High Severity Flaws Affecting Windows, Linux devices (bleepingcomputer.com) 24

Posted by EditorDavid from the bad-bugs dept.
Bleeping Computer reports: NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software. The vulnerabilities expose Windows and Linux machines to attacks leading to denial of service, escalation of privileges, data tampering, or information disclosure.

All these security bugs require local user access, which means that potential attackers will first have to gain access to vulnerable devices using an additional attack vector. Following successful exploitation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones granted by the OS.
This discussion has been archived. No new comments can be posted.

NVIDIA Fixes High Severity Flaws Affecting Windows, Linux devices More

NVIDIA Fixes High Severity Flaws Affecting Windows, Linux devices

Comments Filter:

  • 650GB for a driver??? (Score:5, Informative)

    by qubezz ( 520511 ) on Saturday January 09, 2021 @10:55PM (#60918380)
    90% of this is bloat. Be sure to follow the procedures found online to disable the telemetry components of the driver either from the installer or to remove the telemetry components installed. Only the "game ready" driver seems to have been updated to Jan 7.

    • Re: (Score:1)

      by Anonymous Coward

      650GB for a driver???

      If you are going to be outraged about a specific detail of something, then you should make sure to state said detail correctly.

      Hint: Your unit is wrong. By a factor of 1024 (or 1000, depending on your preferences) to be precise.

      • Re: (Score:3, Insightful)

        by Viol8 ( 599362 )

        Even 650MB for a driver is taking the piss frankly. What the hell does it need to do other than translate graphics requests into hardware specific actions and DMA data? A meg or 2 at most to do that.

        • Well, the same can be said for a word processor or an operating system, to be fair.

        • Even 650MB for a driver is taking the piss frankly. What the hell does it need to do other than translate graphics requests into hardware specific actions and DMA data? A meg or 2 at most to do that.

          A meg or 2 at the most for what driver? Display 2D graphics? What about the Vulkan API? Or DirectX API hooks? Or your audio driver? Or HDCP driver? Or USB3.2 driver? Or SLI driver? Or the video acceleration?

          If you cut down the driver to the bare minimum to just get your hardware to function you're still an order of magnitude above 2MB. A graphics card does far more than just display shit on the screen. Also when you're done with all of this most games won't run since you've provided neither the APIs nor the

          • Re: (Score:1)

            by Viol8 ( 599362 )

            The card does the heavy lifting numbnuts, the driver just feeds it formatted data.

            "Strip it all down to the bare minimum and you're well over 100MB"

            Yeah sure, whatever. Stick to coding in whatever bloatware scripting language and "frameworks" do it for you.

            • The card does the heavy lifting numbnuts, the driver just feeds it formatted data.

              I mean we all know you have no idea about what the GPU driver does, you don't need to repeat it.

              Yeah sure, whatever. Stick to coding in whatever bloatware scripting language and "frameworks" do it for you.

              How about none? Which is probably what NVIDIA do too considering their RAW driver package was 100MB + back before "scripting language and frameworks" were a thing in your vocabulary.

              • Go in genius, fill me in. Going to tell me all the direct X and open GL transforms are in software in the driver and the GPU is just a dumb framebuffer, right?

                Whatever. When you have a clue get back to me.

                • Re: (Score:2)

                  by tlhIngan ( 30335 )

                  Go in genius, fill me in. Going to tell me all the direct X and open GL transforms are in software in the driver and the GPU is just a dumb framebuffer, right?

                  And if you believe that, you can go back to 2003 when the GeForce2 ruled the world. The GeForce3 added programmable shaders, and those are little programs that run on the card hardware and operate on (at the time) pixels and vertices before and after rasterization.

                  That small development lead to the current day GPGPU and things like Vulkan and DirectX

    • Re:650GB for a driver??? (Score:4, Insightful)

      by thegarbz ( 1787294 ) on Sunday January 10, 2021 @11:17AM (#60920470)

      One man's bloat is another's critical feature. The GPU driver is a tiny component of this. The download also includes libraries used by games for physics (physx) some CUDA runtimes, a metric fuckton of fixes for individual games. This all comes to a couple of hundred MB just to make a game run. Then there's the value added parts, the overlay, performance monitoring, diagnostic tools, broadcast and recording features, a complete audio subsystem, USB drivers (because some cards have USB)... blaming "telemetry" is pretty ignorant view.

      You may not use them all, but plenty of people do, and diskspace is plentiful these days. The world has proven over the past 20 years that all you achieve by splitting drivers into individual packages achieves nothing other than to fill up support forums with "why does X not work" type questions.

    • Re: (Score:2)

      by labnet ( 457441 )

      ...and Audio drivers that are 500Mb. Wtf.

    • GB? (Score:2)

      by antdude ( 79039 )

      WTF?

  • So, like covid, my nerd lifestyle has provided a remarkably strong defence!
    Take THAT normal people, what with your friends and associated security vulnerabilities.

  • the old nvida update checker with no login needed was nice but they they added tracking and forced you to make account to use it.

  • Is webGL considered "local user access"? (Score:3)

    by BAReFO0t ( 6240524 ) on Sunday January 10, 2021 @08:08AM (#60919938)

    I bet it is.

    Also, why is our PC OS security model still acting like it is on a mainframe with a root admin where only root access is seen as a problem?
    If it can delete my pictures, read my browser password database, and alter my spreadsheets/code, there really is no point in obtaining root.

    • In a modern GPU, different contexts shouldn't be able to access each other's data. In a consumer GPU, it is often possible to construct a denial-of-service such that one rogue context prevents any new work from being scheduled on the rest. That's bad, but not usually a deal breaker. Newer GPUs don't have this problem, it started turning into a requirement around when Windows Vista's UI could hang from a bad game. It only took the industry 10 years to address it ...

  • For those on Windows, try using this tool... (Score:3)

    by trparky ( 846769 ) on Sunday January 10, 2021 @03:46PM (#60921532) Homepage
    For those on Windows, use TechPowerUp's NVCleanInstall [techpowerup.com]. It allows you to completely customize the installation of the nVidia driver and only install what you want. I, myself, use it and only install the bare requirements which is like two or three components and it allows you to removed the telemetry too.
    • No mod points unfortunately but nice, thanks.
      Will definitely give it a go next time I install Windows.

Slashdot Top Deals

It appears that PL/I (and its dialects) is, or will be, the most widely used higher level language for systems programming. -- J. Sammet

Close