Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers

Share This Post

Technology giant Nvidia has rolled out urgent security updates to fix at least 8 high-severity vulnerabilities in GPU drivers for Windows and Linux, and in its virtual GPU (vGPU) software.

The company shipped updates for five security defects affecting Nvidia’s graphics drivers for Windows that allow an unprivileged user to cause an out-of-bounds read.

Tracked as CVE‑2024‑0117 to CVE‑2024‑0121, these bugs could be exploited for code execution, escalation of privilege, denial-of-service, information disclosure, and data tampering, Nvidia said in an advisory.

A sixth issue, tracked as CVE‑2024‑0126 and affecting both Windows and Linux GPU drivers from Nvidia, allows a privileged attacker to escalate permissions, with similar consequences as the other five flaws.

Nvidia released software updates for its GeForce, NVIDIA RTX, Quadro, NVS, and Tesla products to resolve these bugs in R565, R560, R555, R550, and R535 Windows driver branches, and in R565, R550, and R535 Linux driver branches.

Nvidia notes that earlier branch software releases might be affected by these vulnerabilities as well and encourages users to update to the latest branch release.

The company resolved two additional flaws in the vGPU software, one in the GPU kernel driver of the vGPU Manager (CVE‑2024‑0127) that could allow “a user of the guest OS can cause an improper input validation by compromising the guest OS kernel,” and another in the vGPU Manager itself (CVE‑2024‑0128) “that allows a user of the guest OS to access global resources.”

While both defects could lead to escalation of privilege, information disclosure, and data tampering, the first vulnerability can also be exploited for code execution and denial-of-service.

Advertisement. Scroll to continue reading.

Nvidia vGPU software versions 17.4 and 16.8 contain patched driver iterations that resolve all the above vulnerabilities. Fixes for these flaws were also included in the October 2024 release of Nvidia Cloud Gaming software.

Users are advised to apply the available patches as soon as possible. Additional information can be found on Nvidia’s product security page.

Related: Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework

Related: AMD Says Sinkclose CPU Flaw Only Affects ‘Seriously Breached Systems’

Related: Nvidia Patches High-Severity GPU Driver Vulnerabilities

Related: ‘USB Over Ethernet’ Driver Vulnerabilities Affected Major Cloud Services

This post was originally published on this site

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .