Nvidia Releases Critical Security Updates for GPU Drivers and vGPU Software
Charles M. Walls | June 10, 2024 | Views: 174
The updates for GPU drivers, now available in versions R555, R550, R535, and R470, tackle five security vulnerabilities. According to Nvidia’s advisory, three of these are classified as ‘high severity’ while the other two are ‘medium severity’.
The most critical vulnerability, labeled CVE‑2024‑0090, is an out-of-bounds write flaw that affects both Windows and Linux drivers. This issue can allow attackers to execute arbitrary code, access or modify data, escalate privileges, or cause a denial-of-service (DoS) condition.
In addition, Nvidia has addressed CVE‑2024‑0089 in its Windows drivers. This vulnerability can lead to code execution, information disclosure, and data tampering.
Another high-severity issue, CVE‑2024‑0091, involves an untrusted pointer dereference in Nvidia’s Windows and Linux drivers. This flaw could result in DoS conditions, information leaks, and data tampering.
The two medium-severity vulnerabilities fixed in the June 2024 driver updates can lead to information disclosure on Linux and a DoS condition on both Windows and Linux systems.
Regarding the vGPU software, Nvidia's updates address five additional vulnerabilities, including two high-severity flaws. These critical issues, tracked as CVE‑2024‑0099 and CVE‑2024‑0084, were found in the Virtual GPU Manager of the vGPU software for Linux and could result in information disclosure, privilege escalation, data tampering, or DoS conditions.
The remaining three medium-severity flaws in the vGPU software could lead to data tampering, privilege escalation, DoS conditions, or other unspecified behavior.
Nvidia has incorporated these fixes into vGPU software versions R550, R535, and R470, ensuring that the updates to the vGPU Manager driver include the necessary GPU driver patches as well.
