NVIDIA GPU Display Driver Vulnerabilities

NVIDIA has issued a critical software security update for its GPU Display Driver, addressing multiple vulnerabilities that could potentially expose systems to denial-of-service (DoS) attacks, data tampering, and information disclosure. 

This update impacts users across Windows and Linux platforms and is essential for maintaining system security.


The update targets five specific vulnerabilities, each identified by a Common Vulnerabilities and Exposures (CVE) ID. Below are the details:


CVE-2024-0131: A high-severity issue in the GPU kernel driver for Windows and Linux. This flaw allows a user-mode attacker to read a buffer with an incorrect length, potentially leading to DoS attacks. It has a CVSS base score of 7.8 and is classified under CWE-805 (Buffer Access with Incorrect Length Value). NVIDIA has credited security researcher Xiaochen Zou for identifying the vulnerability.


CVE-2024-0150: Another high-severity vulnerability where data is written beyond the boundaries of a buffer. This can result in information disclosure, DoS attacks, or data tampering. It has a CVSS score of 7.1 and falls under CWE-787 (Out-of-Bounds Write).

CVE-2024-0147: A medium-severity flaw involving the referencing of freed memory, which could lead to DoS or data tampering. This issue has a CVSS score of 5.5 and is categorized under CWE-416 (Use After Free).

CVE-2024-53869: A medium-severity vulnerability in the Unified Memory driver for Linux that could allow attackers to leak uninitialized memory, leading to information disclosure (CVSS score: 5.5, CWE-459 – Incomplete Cleanup).

CVE-2024-0149: A low-severity issue specific to Linux drivers that permits unauthorized file access, potentially resulting in limited information disclosure (CVSS score: 3.3, CWE-125 – Out-of-Bounds Read). NVIDIA has credited security researcher Wolfgang Frisch for identifying the vulnerability.

The vulnerabilities vary in severity, with CVE-2024-0131 and CVE-2024-0150 posing the highest risks due to their potential for significant system disruption and data compromise. 

These flaws are particularly concerning for environments handling sensitive or high-value data. The vulnerabilities affect multiple NVIDIA products across different driver branches on both Windows and Linux:

Windows:

  • Driver Branches: R535, R550
  • Affected Products: NVIDIA RTX, Quadro, NVS, Tesla
  • Updated Versions: R535 branch updated to version 539.19; R550 branch updated to version 553.62.

Linux:

  • Driver Branches: R535, R550
  • Affected Products: GeForce, NVIDIA RTX, Quadro, NVS, Tesla
  • Updated Versions: R535 branch updated to version 535.230.02; R550 branch updated to version 550.144.03.

While no active exploits have been reported yet, the potential risks make this update critical for all affected users. NVIDIA strongly recommends users update their drivers immediately to mitigate these vulnerabilities.
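To check which hosts still need the update, the fixed versions listed above can be compared against a driver inventory. The Python below is an added example, not code from NVIDIA or from the original article. The host names and installed versions are constructed, and the rule that a branch spans the major numbers from its branch number up to its fixed release is an assumption.

```python
# Fixed versions come from the article's lists; hosts and installed versions are constructed.
FIXED = {
    ("windows", 535): (539, 19),
    ("windows", 550): (553, 62),
    ("linux", 535): (535, 230, 2),
    ("linux", 550): (550, 144, 3),
}

SAMPLE_INVENTORY = """\
ws-cad-01   windows 538.78
ws-cad-02   windows 553.62
gpu-node-07 linux   535.183.01
gpu-node-08 linux   550.144.03
render-03   linux   470.256.02
"""

def parse_version(text):
    """'535.230.02' -> (535, 230, 2); raises ValueError on malformed input."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a driver version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unlisted' for one installed driver."""
    try:
        installed = parse_version(version_text)
    except ValueError:
        return "unlisted"
    for (plat, branch), fixed in FIXED.items():
        # Assumption: a branch covers major numbers from `branch` to the fixed release's major.
        if plat == platform.lower() and branch <= installed[0] <= fixed[0]:
            return "patched" if installed >= fixed else "vulnerable"
    return "unlisted"  # branch not covered by the article; check NVIDIA's bulletin

def audit(inventory):
    """Map each host in a 'host platform version' listing to its status."""
    results = {}
    for line in inventory.splitlines():
        if line.strip():
            host, platform, version = line.split()
            results[host] = classify(platform, version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

On Linux hosts, the installed version for the inventory can be read with `nvidia-smi --query-gpu=driver_version --format=csv,noheader`.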


Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cybersecurity incidents happening in cyberspace.