NVIDIA GPU Display Driver Vulnerability

NVIDIA has released a critical software security update to address multiple vulnerabilities affecting its GPU Display Driver and Virtual GPU (vGPU) software.

Among these is CVE‑2024‑0149, a vulnerability in the NVIDIA GPU Display Driver for Linux that could allow attackers unauthorized access to files.

This flaw, rated with a CVSS score of 3.3 (Low severity), may lead to limited information disclosure if exploited successfully.

These updates aim to mitigate risks such as information disclosure, denial of service, data tampering, and code execution.

Key Vulnerabilities Addressed

The security bulletin outlines several vulnerabilities identified in NVIDIA’s software products. These include:

NVIDIA GPU Display Driver:

  • CVE‑2024‑0150: A buffer overflow vulnerability that could lead to information disclosure, denial of service, or data tampering. Severity: High (CVSS Score: 7.1).
  • CVE‑2024‑0147: A memory management flaw that could result in denial of service or data tampering. Severity: Medium (CVSS Score: 5.5).
  • CVE‑2024‑53869: Uninitialized memory exposure in the Unified Memory driver for Linux, potentially leading to information disclosure. Severity: Medium (CVSS Score: 5.5).
  • Additional vulnerabilities include CVE‑2024‑0131 and CVE‑2024‑0149, both rated Medium to Low severity.

NVIDIA vGPU Software:

  • CVE‑2024‑0146: A memory corruption issue in the Virtual GPU Manager that could allow code execution or denial of service. Severity: High (CVSS Score: 7.8).
  • CVE‑2024‑53881: A host driver vulnerability enabling a guest to cause an interrupt storm on the host system, leading to denial of service. Severity: Medium (CVSS Score: 5.5).

The vulnerabilities affect a range of NVIDIA products across both Windows and Linux platforms, including GeForce, NVIDIA RTX, Quadro, NVS, and Tesla GPUs.

  • For Windows systems – Updated driver versions include 572.16 for the R570 branch, 553.62 for the R550 branch, and 539.19 for the R535 branch.
  • For Linux systems – Updated driver versions include 570.86.16 for the R570 branch, 550.144.03 for the R550 branch, and 535.230.02 for the R535 branch.
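To check Linux hosts against the fixed versions listed above, a small audit script can compare each installed driver version with the minimum for its branch. This is an added example, not NVIDIA's tooling. It assumes a Linux driver version begins with its branch number, as the three listed versions do, and the hostnames and installed versions in the sample inventory are constructed.

```python
from pathlib import Path

# Fixed Linux driver versions per branch, copied from the list above.
FIXED_LINUX = {570: (570, 86, 16), 550: (550, 144, 3), 535: (535, 230, 2)}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "gpu-node-01": "570.86.16",
    "gpu-node-02": "550.127.05",
    "gpu-node-03": "535.230.02",
    "gpu-node-04": "560.35.03",
    "gpu-node-05": "not installed",
}

def parse_version(text):
    """Turn '550.144.03' into (550, 144, 3); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised driver version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))

def assess(version_text):
    """Return 'patched', 'needs-update' or 'unknown-branch' for one version."""
    version = parse_version(version_text)
    fixed = FIXED_LINUX.get(version[0])  # assumption: first field names the branch
    if fixed is None:
        return "unknown-branch"  # branch not in the list above: review by hand
    return "patched" if version >= fixed else "needs-update"

def audit(inventory):
    """Map each host to its status; strings that do not parse become 'unparseable'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = assess(version_text)
        except ValueError:
            report[host] = "unparseable"
    return report

def local_version(path="/sys/module/nvidia/version"):
    """Version of the loaded nvidia kernel module, or None if it is not loaded."""
    p = Path(path)
    return p.read_text().strip() if p.is_file() else None

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown-branch` run a branch that the list above does not cover and need a manual check against the bulletin.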

NVIDIA strongly advises all users to install the latest security updates to protect their systems from potential exploits. The updates can be downloaded from the NVIDIA Driver Downloads page or through the Licensing Portal for vGPU software.

Organizations are encouraged to consult IT professionals to assess the specific risks posed by these vulnerabilities in their environments.

NVIDIA has credited security researchers Xiaochen Zou and Wolfgang Frisch for identifying some of these vulnerabilities.

Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.