Nvidia has released software updates that address multiple high-severity vulnerabilities in its GPU drivers and virtual GPU (vGPU) software.
The GPU driver updates, rolling out as versions R555, R550, R535, and R470, resolve a total of five security defects, three of which are rated ‘high severity’ and two rated ‘medium severity’, Nvidia’s advisory reveals.
The most severe of these flaws, tracked as CVE‑2024‑0090, could allow attackers to execute arbitrary code, access or tamper with data, escalate privileges, or cause a denial-of-service (DoS) condition. Impacting both Windows and Linux drivers, the issue is described as an out-of-bounds write.
Nvidia’s driver updates for Windows also resolve CVE‑2024‑0089, another bug leading to code execution, information disclosure, and data tampering.
The third high-severity issue is CVE‑2024‑0091, an untrusted pointer dereference flaw in Nvidia’s Windows and Linux drivers that could lead to a DoS condition, information disclosure, and data tampering.
The two medium-severity vulnerabilities resolved with Nvidia’s June 2024 driver updates could lead to information disclosure on Linux and a DoS condition on both Windows and Linux.
Nvidia’s vGPU software updates resolve five other bugs, including two high-severity flaws that could lead to information disclosure, privilege escalation, data tampering, or DoS conditions.
Tracked as CVE‑2024‑0099 and CVE‑2024‑0084, these issues were identified in the Virtual GPU Manager of the vGPU software for Linux.
The remaining three flaws resolved in vGPU software are medium-severity vulnerabilities leading to data tampering, privilege escalation, DoS conditions, or other, undefined behavior.
Nvidia addressed these vulnerabilities with the release of vGPU software versions R550, R535, and R470, and notes that updates to the vGPU Manager driver contain the GPU driver patches as well.
Users are advised to apply Nvidia’s software updates as soon as possible.