Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Nvidia Patches High-Severity GPU Driver Vulnerabilities

Nvidia patches multiple high-severity vulnerabilities in GPU display drivers and virtual GPU software.

Nvidia has released software updates that address multiple high-severity vulnerabilities in its GPU drivers and virtual GPU (vGPU) software.

The GPU driver updates, rolling out as versions R555, R550, R535, and R470, resolve a total of five security defects, three of which are rated ‘high severity’ and two rated ‘medium severity’, Nvidia’s advisory reveals.

The most severe of these flaws, tracked as CVE‑2024‑0090, could allow attackers to execute arbitrary code, access or tamper with data, escalate privileges, or cause a denial-of-service (DoS) condition. Impacting both Windows and Linux drivers, the issue is described as an out-of-bounds write.

Nvidia’s driver updates for Windows also resolve CVE‑2024‑0089, another bug leading to code execution, information disclosure, and data tampering.

The third high-severity issue is CVE‑2024‑0091, an untrusted pointer dereference flaw in Nvidia’s Windows and Linux drivers that could lead to a DoS condition, information disclosure, and data tampering.

The two medium-severity vulnerabilities resolved with Nvidia’s June 2024 driver updates could lead to information disclosure on Linux and a DoS condition on both Windows and Linux.

Nvidia’s vGPU software updates resolve five other bugs, including two high-severity flaws that could lead to information disclosure, privilege escalation, data tampering, or DoS conditions.

Tracked as CVE‑2024‑0099 and CVE‑2024‑0084, these issues were identified in the Virtual GPU Manager of the vGPU software for Linux.

Advertisement. Scroll to continue reading.

The remaining three flaws resolved in vGPU software are medium-severity vulnerabilities leading to data tampering, privilege escalation, DoS conditions, or other, undefined behavior.

Nvidia addressed these vulnerabilities with the release of vGPU software versions R550, R535, and R470 and notes that updates to vGPU Manager driver contain the GPU driver patches as well.

Users are advised to apply Nvidia’s software updates as soon as possible.

Related: Code Execution Flaws Haunt NVIDIA ChatRTX for Windows

Related: Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

Related: Hikvision Patches High-Severity Vulnerability in Security Management System

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

Exabeam has appointed Kish Dill as Chief Customer Success Officer.

More People On The Move

Expert Insights