Nvidia Fixes Their Driver Issues (it's not just AMD who has driver issues)

[linuxChips2600]

Summary

Many of us heard about AMD's previous issues with their RDNA-based consumer GPU drivers, but this time it was Nvidia's turn to fix problems with their drivers, which involved BOTH their consumer and enterprise-grade hardware.  In its first security update of 2021, Nvidia made some critical patches to their drivers which would've otherwise allowed ill-intentioned hackers to tamper with/sniff out sensitive data, carry out Denial-Of-Service (DOS) attacks, or execute general privilege escalation (i.e. unauthorized access to protected resources).

 

 

Highlights

Quote

The most severe of [the driver issues] (CVE‑2021‑1051) is an issue in the graphic drivers’ kernel mode layer. This flaw ranks 8.4 out of 10 on the CVSS scale, making it high severity.

[In the case of this issue], the layer (nvlddmkm.sys) handler for the DxgkDdiEscape [sic] interface [contained] a glitch where an operation is performed that could be abused to launch a denial-of-service (DoS) attack or escalate privileges.

 

As if the "DxgkDdiEscape interface" handler haven't given Nvidia enough trouble already...

 

Quote

[According to Nvidia], another high-severity flaw (CVE‑2021‑1052) in this same kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape could [also allow] denial of service [attacks], escalation of privileges, and [unauthorized] information disclosure.

 

But wait, there's even more from "DxgkDdiEscape interface!"

 

Quote

Nvidia also stomped out four medium-severity flaws in its graphics driver. Three of these (CVE‑2021‑1053, CVE‑2021‑1054, CVE‑2021‑1055) also stem from the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape...

 

Alright, we get it!  But what about the enterprise stuff, like virtual GPU (vGPU) managers? (As Linus himself has pointed out in previous videos, Nvidia reserves virtualization of their GPUs for enterprise-grade hardware)  Well, basically the issues mentioned in the original article I read involve potential DOS attacks and loss of data integrity/confidentiality, e.g. -

 

Quote

One high-severity flaw [exists] in a plugin within the vGPU manager (CVE‑2021‑1057). This issue could allow guests to allocate some resources for which they are not authorized – which according to Nvidia could lead to data integrity and confidentiality loss, DoS and information disclosure.

 

But this can't possibly affect Linux as well, righ---

 

Quote

Various Nvidia GeForce Windows and Linux driver branches are affected; Nvidia has released a full list of affected versions and updated driver versions on its security advisory.

 

 

My thoughts

 

1. If you give two hoots about the security of your computers containing NVIDIA graphics cards, UPDATE YOUR NVIDIA DRIVERS NOW (unless if you own a GeForce 300 series or older GPU; even Linux can't save you if you use the proprietary drivers, at least according to https://wiki.debian.org/NvidiaGraphicsDrivers#Version_340.108_.28legacy_GPUs.29).

2. As hinted by my title and intro, this article caught my eye especially as this was the first time I stumbled upon current news about Nvidia fixing serious driver issues, especially as they were security issues.

 

3. I'm sure that Nvidia will continue to proactively address issues with their drivers moving forward, especially given increasing competition from AMD, but given how Nvidia themselves have released at least one previous security bulletin documenting eerily similar issues with, you guessed it, the handler for DxgkDdiEscape (please refer to https://nvidia.custhelp.com/app/answers/detail/a_id/4247/~/security-bulletin%3A-vulnerabilities-in-nvidia-windows-gpu-display-driver-and), who knows how long Nvidia has actually known each of the listed issues for.

4. If you are seriously considering switching to Linux at this point because of num. 3 (especially as it's specifically about the Windows Nvidia Drivers), unfortunately I have bad news for you - Nouveau, the open-source equivalent of Nvidia drivers in Linux (which as all of you are probably aware has received very minimal support from Nvidia since the beginning of its development) is still pretty garbage (especially with Maxwell and newer GPUs) for pretty much all GPU-intensive tasks on Linux, as backed up by Phoronix's assessment detailed in this article from this past year: https://www.phoronix.com/scan.php?page=article&item=opensource-turing-3d&num=1

 

5. This is about how the original article is worded itself, but I just find it strange that the article would state that Nvidia makes "gaming-friendly graphics processing units."  Like, since when were consumer GPUs not supposed to be "gaming-friendly", driver, cost, and availability issues aside?

 

 

Sources

Original article which I stumbled across in my Pixel 3 Google news feed - https://threatpost.com/nvidia-windows-gamers-graphics-driver-flaws/162857/

Cross-reference with Nvidia's own January 2021 security bulletin - https://nvidia.custhelp.com/app/answers/detail/a_id/5142

 

P.S. I hope I did at least O.K considering this is my first post on the forum.

Edited January 8, 2021 by linuxChips2600
Forgot to mention "availability" as key factor for "gaming-friendliness"

[Kilrah]

I don't see how the comparison with AMD makes any sense, fixing security issues is good but that's not something users will notice or usually care about unlike crashing and non-working drivers where people aren't able to use their GPUs correctly...

[dizmo]

I mean. AMD fixes driver issues too. In fact, both release driver updates on a regular basis (well, I assume AMD does, haven't had one of their cards in a very, very long time), and they include security fixes, game improvements, etc. Not sure if that was your attempt at click bait but it's a pretty hard fail Nice try though. Better luck next time.

[Master Disaster]

Why would AMD need to fix exploits present in Nvidia's kernel mode driver module?

[SavageNeo]

Where is AMD involved in this?

[linuxChips2600]

 

1 minute ago, Kilrah said:

I don't see how the comparison with AMD makes any sense, fixing security issues is good but that's not something users will notice or usually care about unlike crashing and non-working drivers where people aren't able to use their GPUs correctly...

I never said or implied that this was somehow "bad news;" it's just that given how serious this issue is (remember, 8.4 out of 10), and how AMD got soooooooo much attention with their driver issues, I thought that it'd bring some balance to the info regularly presented about each major GPU manufacturer, as no one is perfect.  Trust me, as a Computer Science student one of the first things I was taught is that software is continually changing (and hopefully improved) over time; it is rarely a "write once and forget about it" matter.

Also, sure, security issues may not have an immediate impact on the user experience, but the same was also true for Meltdown and Spectre (with those being hardware vulnerabilities nonwithstanding), and it is common knowledge in software development that with each software update (especially with such a complicated piece of software as a state-of-the-art GPU driver) there's always the risk of breaking existing setups.  More importantly, if you knew that your gaming GPU make it easier for a hacker to breach the security of your PC, would you still want to continue to use that GPU?  Also, given LTT's vast audience I'm sure that there are at least a few enterprise-class GPU users sprinkled somewhere in there, and surely they would like to know about this if they haven't already, right?
 

Also since this has been brought up at least once, and as I did want to make my title and intro more attention-grabbing, by LTT-standards my title and intro are not clickbait.  They do not state anything contrary to the facts nor to the main content of my post.  Linus himself already addressed this issue officially in Honest Answers Ep. 5 back in 2017.

[linuxChips2600]

19 minutes ago, SavageNeo said:

Where is AMD involved in this?

 

25 minutes ago, Master Disaster said:

Why would AMD need to fix exploits present in Nvidia's kernel mode driver module?

I said "NOT AMD"; is that not true of my post's content? I honestly expected more people to understand that I meant it's not just AMD who has driver issues, but apparently people are somehow coming to the conclusion that as soon as I mention the word "AMD", I somehow am talking about what AMD themselves are actually doing??

I will NOT respond to further questions about "but why the heck did he mention AMD?" unless if it is an actual forum moderator who feels that my intro or title is misleading.  And if it is a forum moderator, may I say in advance that I am very sorry as I was just trying to be at least a little bit creative, and I never meant to mislead people as I did in fact carefully read the rules before making my initial post.  And yes I'll change the intro and title ASAP if a moderator requests me to do so.
 

[Master Disaster]

31 minutes ago, linuxChips2600 said:

 

I said "NOT AMD"; is that not true of my post's content? I honestly expected more people to understand that I meant it's not just AMD who has driver issues, but apparently people are somehow coming to the conclusion that as soon as I mention the word "AMD", I somehow am talking about what AMD themselves are actually doing??

I will NOT respond to further questions about "but why the heck did he mention AMD?" unless if it is an actual forum moderator who feels that my intro or title is misleading.  And if it is a forum moderator, may I say in advance that I am very sorry as I was just trying to be at least a little bit creative, and I never meant to mislead people as I did in fact carefully read the rules before making my initial post.  And yes I'll change the intro and title ASAP if a moderator requests me to do so.
 

TBF the confusion is understandable.

 

There was no reason to even mention AMD, at all. Anybody interested enough to understand the implications will also understand this is something that only affects Nvidia.

 

I fully admit I didn't take your meaning from the thread title and now that you've explained it I can see what your intention was but IMO its not very clear. Maybe update the thread title and clarify. Instead of (not AMD) you could change it to (its not only AMD who have driver issues) because right now it comes off as being a little "GPUwars-ish".

[Kilrah]

58 minutes ago, linuxChips2600 said:

and how AMD got soooooooo much attention with their driver issues

Because of usability issues, not security.

 

Yeah there's a security vulnerability rated 8.4, but in real life desipite the "heavy marketing" around security issues lately most of them have little real world implications, even spectre and meltdown. 

[Delicieuxz]

No need to harp on the new poster's mention of AMD too much, IMO. Thanks for the heads-up, @linuxChips2600.

[linuxChips2600]

4 minutes ago, Master Disaster said:

TBF the confusion is understandable.

 

There was no reason to even mention AMD, at all. Anybody interested enough to understand the implications will also understand this is something that only affects Nvidia.

 

I fully admit I didn't take your meaning from the thread title and now that you've explained it I can see what your intention was but IMO its not very clear. Maybe update the thread title and clarify. Instead of (not AMD) you could change it to (its not only AMD who have driver issues) because right now it comes off as being a little "GPUwars-ish".

 

Thanks for the feed back man; now I just hope that my title isn't too long, but tbh I'd rather be that than cause a bunch of confusion, especially in a "Tech News" section of any forum

It also seems then that I severely underestimated how deep the "GPUwars"-esque sentiments run within the online tech community (and I do not mean that such sentiments applies to the majority of people in the community).  I mean, it's definitely not as if I wasn't aware of it in the first place, but to think that mentioning "AMD" and "driver issues" in the same sentence (even when that sentence is factually accurate and NOT purposefully written as to incite flame wars) could potentially stir up such negativity in readers, well... honestly I'm not sure how to feel.

But anyway since this is a tech news section I won't dwell on this any further, but I'll definitely keep your feedback in mind as I contribute to this forum in a (hopefully) more positive manner in the future.

[linuxChips2600]

10 minutes ago, Kilrah said:

Because of usability issues, not security.

 

Yeah there's a security vulnerability rated 8.4, but in real life desipite the "heavy marketing" around security issues lately most of them have little real world implications, even spectre and meltdown. 

Yes, but as I've said even if the actual security vulnerability itself doesn't ever get exploited in practice, it'd be silly of any company to knowingly not patch these vulnerabilities, as it only takes one exploit to cause significant damage and even more importantly irrevocable loss of trust in a company.  Do you think any major company would like to take that chance?

[Kilrah]

Sure but then I fail to see the point, they precisely did patch them, and... well it's neither unusual nor surprising, just part of business as usual.

[leadeater]

1 hour ago, Kilrah said:

Because of usability issues, not security.

Yep, much like the RTX 30 series issues that were actually drivers not the whole "BLAME THE CAPS!" like everyone was screaming 

 

Both have issues and will always have issues, the only difference I have noticed between the two is when there is a major architecture change Nvidia does tend to have more polished and stable drivers than AMD does (RDNA vs Turing).

[Delicieuxz]

30 minutes ago, leadeater said:

Yep, much like the RTX 30 series issues that were actually drivers not the whole "BLAME THE CAPS!" like everyone was screaming 

Cards with an MLCC power-filtration design tended to not have the problems that cards with an all SP-cap configuration did. EVGA spoke to this, and der8auer's modding a card with an SP-cap configuration to have a couple MLCC arrays (which I think brought the card up to Nvidia's spec) did make it stable with an additional 20 - 30 Mhz - which possibly could make the difference for a lot of the MSRP-priced stock and factory-overclocked cards. Consequently, Nvidia's driver had to be adjusted to accommodate cards with a worse cap configuration.

 

So, the caps were the weak link. But from a design perspective, it could be chosen to either lower the performance target to an all-SP-cap design, or ensure that cards have enough MLCCs to suit the Nvidia and factory-OC performance targets.

[LAwLz]

2 hours ago, linuxChips2600 said:

It also seems then that I severely underestimated how deep the "GPUwars"-esque sentiments run within the online tech community (and I do not mean that such sentiments applies to the majority of people in the community).

And you are contributing to the problem by, according to yourself, deliberately going "look at how bad company X is! Everyone look at them! See, company Y isn't the only one having issues".

 

Do we seriously need a news thread whenever a company patches a security vulnerability? The entire news section would be 90% "company X fixes vulerability Y" if that was allowed.

[Quackers101]

although nvidia had their issues with drivers too, but compared to AMD, do both get "equal" amounts of updates and drivers?

[leadeater]

1 hour ago, Delicieuxz said:

Cards with an MLCC power-filtration design tended to not have the problems that cards with an all SP-cap configuration did

I know what they spoke about, caps were not the cause of the issue. ALL cards were fixed with the driver released by Nvidia to fix the issue. The problem was clock runaway/spikes that the drivers wasn't correctly preventing, some all MLCC cards were crashing just the same. We know what the fix was, some cards fairing better than others have too many factors to broad pin it down to just MLCC vs not or mix of as there were cards with a mix of fairing better than cards with all MLCC as well.

 

1 hour ago, Delicieuxz said:

 

So, the caps were the weak link.

No, 100% was driver issues fixed by drivers. No cards have the issue now because of this fix. Lots of people jumped before looking, some looked but were unable to find a complete answer due the complexity. But what has stuck in the mind of people the most is utterly false.

[Blademaster91]

4 minutes ago, leadeater said:

No, 100% was driver issues fixed by drivers. No cards have the issue now because of this fix. Lots of people jumped before looking, some looked but were unable to find a complete answer due the complexity. But what has stuck in the mind of people the most is utterly false.

Wasn't the driver "fix" actually lowering the boost clocks? So then IMO the issue is still worse than Nvidia FE specs, apparently some companies did it as a cost saving measure as putting a bunch of MLCC's on a card is more costly than using SP caps.

[leadeater]

6 minutes ago, Blademaster91 said:

Wasn't the driver "fix" actually lowering the boost clocks? So then IMO the issue is still worse than Nvidia FE specs, apparently some companies did it as a cost saving measure as putting a bunch of MLCC's on a card is more costly than using SP caps.

FE cards were also crashing, some all MLCC cards were crashing, some all POSCAP cards were not crashing at all, some mix caps cards were worse than others. Really it was all over the place, but most importantly that first point, FE cards were also affected. And FYI Nvidia design spec is not actually the FE cards, those are actually above their partner spec documentation.

 

Also the problem was exclusive to the Windows driver, no Linux driver update was released as it was never affected.

[Blademaster91]

1 hour ago, LAwLz said:

And you are contributing to the problem by, according to yourself, deliberately going "look at how bad company X is! Everyone look at them! See, company Y isn't the only one having issues".

Nah its needed because a lot of people on this forum like to think Nvidia has perfect drivers, which they don't, other issues with Nvidia drivers, with version 460.89 for example is screen flashing on 1080ti cards, youtube video stuttering when scrolling in a browser, or lagging in Steam VR. AMD would get tons of crap for things like screen flashing, but with Nvidia that seems to be mostly ignored.

1 hour ago, LAwLz said:

Do we seriously need a news thread whenever a company patches a security vulnerability?

Why not?

[StDragon]

Not to throw crypto mining under the bus here, but it's been attributed to malicious activity and thus flagged as malware by various AV suites. Now, I haven't researched if it's being flagged as guilty by association to bad actors rolling up components into their malware kit (Monero mining), or there's actually bad code that can exploit via GPU driver vulnerabilities. But depending on where you're sourcing 3rd party mining executables the chances are rather high that if something can exploit through the driver, it would; if not now, at some point.

 

 

[D13H4RD]

There's a fundamental difference between this and AMD's Navi driver issues though.

 

AMD's driver issues mainly affected usability. The main thing that's fixed with this one are security holes.

[MageTank]

2 hours ago, Delicieuxz said:

Cards with an MLCC power-filtration design tended to not have the problems that cards with an all SP-cap configuration did. EVGA spoke to this, and der8auer's modding a card with an SP-cap configuration to have a couple MLCC arrays (which I think brought the card up to Nvidia's spec) did make it stable with an additional 20 - 30 Mhz - which possibly could make the difference for a lot of the MSRP-priced stock and factory-overclocked cards. Consequently, Nvidia's driver had to be adjusted to accommodate cards with a worse cap configuration.

 

So, the caps were the weak link. But from a design perspective, it could be chosen to either lower the performance target to an all-SP-cap design, or ensure that cards have enough MLCCs to suit the Nvidia and factory-OC performance targets.

Had my hands on half a dozen board partner cards before the launch, ranging from the MLCC designs (both full and hybrid) to the "cheaper" SP-cap (originally incorrectly labeled as "POS caps") configurations. I can confirm that both designs had their fair share of crashing, however I originally attributed this to the fact that I couldn't get my hands on a signed driver to save my life despite our contacts swearing they were signed and ready for WHQL (plot twist, far from it, lol)

 

Even now, I have an early revision MSI 3080 Gaming X Trio and current revision model with different cap configurations, both overclock identically and I cannot tell them apart, short from the fact that our water block needed thicker thermal pads for the newer revision.

 

I am firmly in the camp that it was a driver issue from the start, and that the capacitor configuration was more so a placebo than anything. Not to discredit Der8auer or the others, but I think people were out looking for a quick solution due to the high demand for the cards and were ready to do anything to please the mob at that time. In the end, all it did was make it more difficult for me to get a reference PCB with a normal capacitor configuration short of flying to Europe and finding a weird reference card there.

 

With how limited these cards were at launch, it wasn't like we had a large enough sample size between users to determine what was actually causing the instability within the drivers that allowed some users to use the GPU's without issue while others had issues non-stop.

1 hour ago, Blademaster91 said:

Wasn't the driver "fix" actually lowering the boost clocks? So then IMO the issue is still worse than Nvidia FE specs, apparently some companies did it as a cost saving measure as putting a bunch of MLCC's on a card is more costly than using SP caps.

They did lower the boost clocks, but oddly enough, you can still overclock these cards without the crashes occurring again. I feel like they actually adjusted the voltage/frequency curve to be a bit less aggressive while still leaving some overhead for overclocking. You can also see that the cards still scale, so we are not dealing with the phantom scaling issue that was present on Pascal cards, where you could push 2200mhz but lose performance in the process.

 

1 hour ago, leadeater said:

FE cards were also crashing, some all MLCC cards were crashing, some all POSCAP cards were not crashing at all, some mix caps cards were worse than others. Really it was all over the place, but most importantly that first point, FE cards were also affected. And FYI Nvidia design spec is not actually the FE cards, those are actually above their partner spec documentation.

 

Also the problem was exclusive to the Windows driver, no Linux driver update was released as it was never affected.

This is probably the only claim I can't test. We never could get our hands on any of the FE cards except for the 3070, and that was long after this issue was resolved.

 

[WhitetailAni]

Crap.

My GeForce 4 is not safe.