Nvidia has released a new software security update for the NVIDIA GPU Display Driver that addresses a total of seven GPU vulnerabilities, including one low, three medium, and three high-severity-rated issues. These were outlined in a recent security bulletin, dated January 28th.

Nvidia advises users to download and install this update through the NVIDIA Driver Downloads page to protect their systems from denial of service attacks, information disclosure, and data tampering. Below are the seven vulnerabilities this security update addresses, listed in order of severity:

High Severity Nvidia GPU Vulnerabilities

• CVE‑2024‑0131: A 7.8 severity GPU kernel driver for Windows and Linux vulnerability that could allow a potential user-mode attacker to read a buffer with an incorrect length, leading to a denial of service attack if successful.
• CVE‑2024‑0146: Another 7.8 severity vulnerability, this time within the Virtual GPU Manager, which could lead to memory corruption and ultimately has the potential to enable a malicious guest user to exploit code execution, denial of service, information disclosure, or data tampering.
• CVE‑2024‑0150: A 7.1 severity GPU display driver for Windows and Linux vulnerability involving data being written past the end or before the beginning of a buffer. This could lead to information disclosure, denial of service or data tampering if an attacker was successful in exploiting the vulnerability.

Medium Severity Nvidia GPU Vulnerabilities

• CVE‑2024‑0147: A 5.5 severity vulnerability in the GPU display driver for Windows and Linux that allows memory to be referenced after it has been freed and, if exploited, could lead to a denial of service attack or data tampering.
• CVE‑2024‑53869: Another 5.5 on the severity scale, this time an uninitialized memory in the unified memory driver for Linux that could lead to information disclosure.
• CVE‑2024‑53881: The final 5.5 rated vulnerability, impacting vGPU software and the host driver, “where it can allow a guest to cause an interrupt storm on the host,” Nvidia said, which can lead to another denial of service attack.

Low Severity Nvidia GPU Vulnerability

• CVE‑2024‑0149: A 3.3 severity vulnerability in the GPU Display Driver for Linux could allow an attacker unauthorized access to files.

Source: Forbes

Download the software security update now

There are a few vulnerabilities more concerning than others, and one major high-severity one here is CVE-2024-0146. This vulnerability is particularly worrying because it enables arbitrary code execution and operates in userland, meaning no special permissions are needed. Once the exploit reaches kernel space, the system is fully compromised, granting the attacker complete control.

That said, Nvidia has stated that risk assessments within the security bulletin are based on “an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation.” Nonetheless, it’s still better to keep your system updated with the latest security patches to protect yourself from any malicious attacks. NVIDIA’s security bulletin provides a much deeper look into these potential safety issues and their impacts, as well as what the latest security update addresses, so be sure to check it out as well.

About the Author

Hassam Nasir

Hassam boasts over seven years of professional experience as a dedicated PC hardware reviewer and writer.