NVIDIA Patches Multi Vulnerabilities in Windows and Linux GPU Drivers
NVIDIA has issued a security bulletin addressing multiple vulnerabilities in its GPU Display Driver for both Windows and Linux. These vulnerabilities, if exploited, could allow attackers to execute malicious code, escalate privileges, and even cause denial of service attacks.
The most severe of the vulnerabilities is CVE-2024-0126, which affects both Windows and Linux platforms. This flaw, with a CVSS score of 8.2, could allow a privileged attacker to escalate permissions, potentially leading to unauthorized code execution. According to the bulletin, “A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.”
Another vulnerability, CVE-2024-0117, affects the Windows platform specifically. This flaw exists in the user-mode layer of the GPU Display Driver and could allow an unprivileged user to cause an out-of-bounds read. With a CVSS score of 7.8, this vulnerability also has the potential to result in code execution, data tampering, and privilege escalation.
Further vulnerabilities, such as CVE-2024-0118, CVE-2024-0119, CVE-2024-0120, and CVE-2024-0121, similarly affect the user-mode layer of the Windows GPU Display Driver, allowing unprivileged users to exploit weaknesses, which may result in a range of security issues, from denial of service to full system compromise.
The affected products include:
- GeForce Windows R565: All driver versions prior to 566.03
- NVIDIA RTX, Quadro, and NVS Windows R565: All driver versions prior to 566.03
- Tesla Windows R565: All driver versions prior to 566.03
For Linux users, the affected driver versions include all versions prior to 565.57.01 in the R565 branch. These vulnerabilities also impact several other branches, such as R550 and R535, both on Windows and Linux platforms.
NVIDIA has already provided updates to address these vulnerabilities. Users should visit the NVIDIA Driver Downloads page to install the latest versions, or for users of vGPU software and cloud gaming, updates can be downloaded through the NVIDIA Licensing Portal.
