Do you use NVIDIA GPUs on your business network?
If you have computers on your corporate network that rely on NVIDIA hardware and software, be advised that the company recently released security updates to address serious security vulnerabilities found in CUDA and GPU Display drivers and Virtual GPU Management software. These are security flaws that could lead to an escalation of privileges, denial of service, and arbitrary code execution on both Linux and Windows machines.
All of the flaws are rated as serious or higher, but it should be noted that all of them require local user access. They cannot be exploited remotely. Once hackers have gained a foothold on a target machine, they could launch attacks designed to abuse these bugs. So it pays to treat the issue seriously and apply the patch as soon as possible.
The good news is that when you install the latest security patch, you'll get fixes for a wide range of issues with severity ratings ranging from 7.8 to 4.4.
Here are what the latest patch addresses
Listed in order of relative severity:
- CVE-2020-5962, CVE-2020-5963, CVE-2020-5968, CVE-2020-5969, CVE-2020-5970, and CVE-2020-5971 (All have a severity rating of 7.8)
- CVE-2020-5964 (Severity rating: 6.5)
- CVE-2020-5965, CVE-2020-5966, CVE-2020-5967, and CVE-2020-5972 (All have a severity rating of 5.5)
- CVE-2020-5973 (Severity rating: 4.4)
If any of the machines on your network utilize GeForce, Quadro, NVS, Tesla GPU drivers, or the Virtual GPU Manager, be sure to grab the latest security patch from NVIDIA's driver download page.
Our perspective
If you're a Windows user and not in the habit of patching your drivers manually, you may also receive Windows GPU display driver 451.55, 446.06, and 443.18 from your hardware vendor. Enterprise users will need to log into the NVIDIA Enterprise Application hub to get the latest updates. However you get them, the important thing is to install them to patch yourself out of harm's way.
~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~
By Denis Wilson and Melissa Stockwell
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. We build people / process / technology solutions to create better business outcomes for smaller enterprises in Los Angeles. We have created cost-effective automation solutions, for over 20 years, focusing on reliability, cybersecurity, and regulatory compliance.
I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs.
Contact me if you would like me to speak at your association
