Nvidia graphics card flaws could let hackers hijack your PC — what to do now

Nvidia GeForce RTX 3060 Ti
No, we can't find any of these either. (Image credit: Nvidia)

Happy new year! Nvidia has released a new round of security patches for its Windows and Linux graphics drivers and vGPU software, fixing 16 flaws that could let miscreants carry out various attacks.

The flaws "may lead to denial of service, escalation of privileges, data tampering, or information disclosure," Nvidia said in a security bulletin released yesterday (Jan. 7). 

In plain English, that means attackers could make graphics cards stop working, get control of PCs, change files or steal sensitive data.

On the bright side, exploiting any of these flaws requires local access to a PC or Linux box. That means an attacker needs to be using the computer, or perhaps another computer on the local network, to be successful, or to use other means to plant malware on the machine that could carry out the attack.

We'll spare you the gory technical details of each flaw, but you can read about them in a handy chart that Nvidia has placed on its security bulletin.

How to get the Nvidia graphics fixes

Users of Nvidia consumer graphics cards who have the GeForce Experience desktop application installed will be prompted to install the updates. (Ours came through this morning.) Windows users of Nvidia GeForce cards will be updated to driver version 461.09.

If you don't have GeForce Experience installed, or the updates don't materialize, then you can get the patches directly from the Nvidia Driver Downloads as long as you know what kind of graphics card you have.

Alternatively, Nvidia noted in its security bulletin, "your computer hardware vendor may provide you with Windows GPU display driver versions including 460.84, 457.49, and 452.66, which also contain the security updates."

Linux users may get the patches in their daily software updates. If not, then the Nvidia Driver Downloads will be able to provide the patches.

This doesn't make Nvidia GPUs any easier to find

Nvidia's been in the news lately because it's darned hard to find any of its new-generation GeForce graphics cards, such as the RTX 3060 Ti, RTX 3070, RTX 3080 and $1,500 RTX 3090.  Supplies are so short and demand so high that prices have doubled for Nvidia's previous generation of GPUs, the RTX 20 series. The flaws being patched affect drivers for all of these cards.

Ten of the 16 flaws affect only Nvidia's vGPU software, which lets multiple virtual machines — software-only computers running within other computers — access a single graphics card. That kind of setup is primarily in enterprise, not consumer, environments.

In 2020, Nvidia released at least three rounds of security patches for its graphics drivers and desktop software. That's not a bad sign, because all software has flaws and this steady stream of fixes shows that Nvidia is keeping on top of things.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.