Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Nvidia Patches High-Severity GPU Driver Vulnerabilities

Nvidia patches multiple high-severity vulnerabilities in GPU display drivers and virtual GPU software.

Nvidia has released software updates that address multiple high-severity vulnerabilities in its GPU drivers and virtual GPU (vGPU) software.

The GPU driver updates, rolling out as versions R555, R550, R535, and R470, resolve a total of five security defects, three of which are rated ‘high severity’ and two rated ‘medium severity’, Nvidia’s advisory reveals.

The most severe of these flaws, tracked as CVE‑2024‑0090, could allow attackers to execute arbitrary code, access or tamper with data, escalate privileges, or cause a denial-of-service (DoS) condition. Impacting both Windows and Linux drivers, the issue is described as an out-of-bounds write.

Nvidia’s driver updates for Windows also resolve CVE‑2024‑0089, another bug leading to code execution, information disclosure, and data tampering.

The third high-severity issue is CVE‑2024‑0091, an untrusted pointer dereference flaw in Nvidia’s Windows and Linux drivers that could lead to a DoS condition, information disclosure, and data tampering.

The two medium-severity vulnerabilities resolved with Nvidia’s June 2024 driver updates could lead to information disclosure on Linux and a DoS condition on both Windows and Linux.

Nvidia’s vGPU software updates resolve five other bugs, including two high-severity flaws that could lead to information disclosure, privilege escalation, data tampering, or DoS conditions.

Tracked as CVE‑2024‑0099 and CVE‑2024‑0084, these issues were identified in the Virtual GPU Manager of the vGPU software for Linux.

Advertisement. Scroll to continue reading.

The remaining three flaws resolved in vGPU software are medium-severity vulnerabilities leading to data tampering, privilege escalation, DoS conditions, or other, undefined behavior.

Nvidia addressed these vulnerabilities with the release of vGPU software versions R550, R535, and R470 and notes that updates to vGPU Manager driver contain the GPU driver patches as well.

Users are advised to apply Nvidia’s software updates as soon as possible.

Related: Code Execution Flaws Haunt NVIDIA ChatRTX for Windows

Related: Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

Related: Hikvision Patches High-Severity Vulnerability in Security Management System

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights