NVIDIA Addresses High Security Flaws in GPU Display Drivers and vGPU Software

NVIDIA has recently released a crucial software security update aimed at protecting users of NVIDIA GPU Display Driver and NVIDIA vGPU Software. This update targets vulnerabilities that could result in code execution, denial of service, privilege escalation, information disclosure, and data tampering. It is imperative for users to ensure their systems are updated to mitigate these potential threats.

Photo by Christian Wiediger on Unsplash

NVIDIA has identified several vulnerabilities with varying severity levels, which include:

1. CVE-2023-0189 and CVE-2023-0184 (CVSS scores of 8.8): These vulnerabilities affect both Windows and Linux versions of the NVIDIA GPU Display Driver. They are located in the kernel mode layer handler and can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
2. CVE-2023-0182 (CVSS score of 7.8): This vulnerability impacts the Windows version of the NVIDIA GPU Display Driver. An out-of-bounds write in the kernel mode layer could lead to denial of service, information disclosure, and data tampering.
3. CVE-2023-0181, CVE-2023-0191, CVE-2023-0183, and CVE-2023-0180 (CVSS scores of 7.1): These vulnerabilities affect both Windows and Linux versions of NVIDIA GPU Display Driver and involve the kernel mode layer handler. They can result in denial of service, data tampering, and, in some cases, information disclosure.

In addition to these high-severity vulnerabilities, NVIDIA has addressed nine medium-severity vulnerabilities and two low-severity vulnerabilities.

To safeguard your system against these vulnerabilities, it is vital to download and install the software update through the NVIDIA Driver Downloads page. For the vGPU software update, users should access the NVIDIA Licensing Portal.