Nvidia, the largest manufacturer of graphics processing units (GPUs) for PC gaming, has patched a high-severity vulnerability. The vulnerability affects Nvidia’s GeForce Experience, which comes bundled with the GTX models of GPUs produced by the company.
The vulnerability was announced in a post to customers warning of CVE‑2021‑1073. CVE‑2021‑1073 is a remote access bug that earns an 8.3 on the Common Vulnerability Scoring System (CVSS) scale. While this score may not be in the “critical” range, anything above 8 is usually considered to be a major threat by security researchers.
The post, found in the Nvidia support section, described the vulnerability in more depth as follows:
“Nvidia GeForce Experience software contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users’ data being accessed, altered, or lost.”
As of now, customers are urged to patch as soon as possible if they have not already. All versions of GeForce Experience prior to the 3.23 patch are affected by this vulnerability.
Nvidia has had a series of security patches in recent months. Earlier in June, the company had to contend with vulnerabilities in the Jetson Series of products. Additionally, in April, Nvidia patched numerous vulnerabilities in their GPU display driver. All these incidents dealt with vulnerabilities classified as “high severity” on the CVSS scale.
At the moment, there are no known instances of CVE‑2021‑1073 being exploited in the wild, but this will likely change. Security bulletins are always a Catch-22. In one sense, they are great because they provide customers with the knowledge to protect themselves. On the other hand, if malicious actors were not aware of an unexploited vulnerability, they most certainly will be post-disclosure.