NVIDIA Fixes High Severity Flaws Affecting Windows, Linux devices (bleepingcomputer.com) 24
Bleeping Computer reports:
NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software. The vulnerabilities expose Windows and Linux machines to attacks leading to denial of service, escalation of privileges, data tampering, or information disclosure.
All these security bugs require local user access, which means that potential attackers will first have to gain access to vulnerable devices using an additional attack vector. Following successful exploitation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones granted by the OS.
All these security bugs require local user access, which means that potential attackers will first have to gain access to vulnerable devices using an additional attack vector. Following successful exploitation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones granted by the OS.
650GB for a driver??? (Score:5, Informative)
Re: (Score:1)
650GB for a driver???
If you are going to be outraged about a specific detail of something, then you should make sure to state said detail correctly.
Hint: Your unit is wrong. By a factor of 1024 (or 1000, depending on your preferences) to be precise.
Re: (Score:3, Insightful)
Even 650MB for a driver is taking the piss frankly. What the hell does it need to do other than translate graphics requests into hardware specific actions and DMA data? A meg or 2 at most to do that.
Re: (Score:2)
Re: (Score:3)
Even 650MB for a driver is taking the piss frankly. What the hell does it need to do other than translate graphics requests into hardware specific actions and DMA data? A meg or 2 at most to do that.
A meg or 2 at the most for what driver? Display 2D graphics? What about the Vulkan API? Or DirectX API hooks? Or your audio driver? Or HDCP driver? Or USB3.2 driver? Or SLI driver? Or the video acceleration?
If you cut down the driver to the bare minimum to just get your hardware to function you're still an order of magnitude above 2MB. A graphics card does far more than just display shit on the screen. Also when you're done with all of this most games won't run since you've provided neither the APIs nor the
Re: (Score:1)
The card does the heavy lifting numbnuts, the driver just feeds it formatted data.
"Strip it all down to the bare minimum and you're well over 100MB"
Yeah sure, whatever. Stick to coding in whatever bloatware scripting language and "frameworks" do it for you.
Re: (Score:2)
The card does the heavy lifting numbnuts, the driver just feeds it formatted data.
I mean we all know you have no idea about what the GPU driver does, you don't need to repeat it.
Yeah sure, whatever. Stick to coding in whatever bloatware scripting language and "frameworks" do it for you.
How about none? Which is probably what NVIDIA do too considering their RAW driver package was 100MB + back before "scripting language and frameworks" were a thing in your vocabulary.
Re: 650GB for a driver??? (Score:2)
Go in genius, fill me in. Going to tell me all the direct X and open GL transforms are in software in the driver and the GPU is just a dumb framebuffer, right?
Whatever. When you have a clue get back to me.
Re: (Score:2)
And if you believe that, you can go back to 2003 when the GeForce2 ruled the world. The GeForce3 added programmable shaders, and those are little programs that run on the card hardware and operate on (at the time) pixels and vertices before and after rasterization.
That small development lead to the current day GPGPU and things like Vulkan and DirectX
Re:650GB for a driver??? (Score:4, Insightful)
One man's bloat is another's critical feature. The GPU driver is a tiny component of this. The download also includes libraries used by games for physics (physx) some CUDA runtimes, a metric fuckton of fixes for individual games. This all comes to a couple of hundred MB just to make a game run. Then there's the value added parts, the overlay, performance monitoring, diagnostic tools, broadcast and recording features, a complete audio subsystem, USB drivers (because some cards have USB)... blaming "telemetry" is pretty ignorant view.
You may not use them all, but plenty of people do, and diskspace is plentiful these days. The world has proven over the past 20 years that all you achieve by splitting drivers into individual packages achieves nothing other than to fill up support forums with "why does X not work" type questions.
Re: (Score:2)
...and Audio drivers that are 500Mb. Wtf.
GB? (Score:2)
WTF?
Re: bugs require local user access? (Score:2)
Take THAT normal people, what with your friends and associated security vulnerabilities.
the old nvida update checker with no login needed (Score:2)
the old nvida update checker with no login needed was nice but they they added tracking and forced you to make account to use it.
Re: (Score:2)
Re: (Score:2)
but why not have what AMD has an DRIVER update checker the does not need an login.
Update checker... (Score:2)
... Has Windows STILL not gotten a package manager??
Seriously? In 2021?
Re: (Score:2)
Windows Store. Do not want.
Is webGL considered "local user access"? (Score:3)
I bet it is.
Also, why is our PC OS security model still acting like it is on a mainframe with a root admin where only root access is seen as a problem?
If it can delete my pictures, read my browser password database, and alter my spreadsheets/code, there really is no point in obtaining root.
Re: (Score:2)
In a modern GPU, different contexts shouldn't be able to access each other's data. In a consumer GPU, it is often possible to construct a denial-of-service such that one rogue context prevents any new work from being scheduled on the rest. That's bad, but not usually a deal breaker. Newer GPUs don't have this problem, it started turning into a requirement around when Windows Vista's UI could hang from a bad game. It only took the industry 10 years to address it ...
For those on Windows, try using this tool... (Score:3)
Re: (Score:1)
Will definitely give it a go next time I install Windows.