NVIDIA Tackles Severe GPU Display Driver Vulnerabilities – Urgent Update Required

Nvidia vulnerability - CVE-2024-0126

NVIDIA, the graphics processing powerhouse, has released a crucial security update for its GPU Display Drivers. This February 2024 update addresses multiple vulnerabilities that could potentially compromise your system’s security, ranging from system crashes to malicious code execution.

Nvidia vulnerability

What’s at Risk?

A slew of vulnerabilities, spanning from the user mode layer to the very kernel of the system, were identified in NVIDIA’s GPU Display Drivers for both Windows and Linux platforms. These vulnerabilities, if left unaddressed, could allow unprivileged users to exploit the system, leading to a range of malicious outcomes, including unauthorized code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Among the vulnerabilities disclosed, CVE-2024-0071 and CVE-2024-0073, both rated CVSS 7.8, represent critical threats within the Windows environment, allowing for potential out-of-bounds write and operations at unnecessarily high privilege levels, respectively. Meanwhile, the Linux platform is not immune, with CVE-2024-0074 (CVSS 7.1) posing a threat through memory access beyond buffer limits.

Additionally, CVE-2024-0078 (CVSS 6.5) and CVE-2024-0075 (CVSS 6.1), affecting both Windows and Linux, highlight the dangers of NULL-pointer dereferences, leading to potential system crashes and limited information leaks. Notably, CVE-2024-42265 (CVSS 5.3) serves as a reminder of the lasting impact of vulnerabilities, allowing for integer overflow through kernel mode layer handler manipulation.

In the virtual realm, CVE-2024-0077 (CVSS 7.8) in the NVIDIA Virtual GPU Manager unveils a vulnerability in the vGPU plugin that could permit a guest OS to overstep its bounds, potentially leading to code execution, denial of service, and escalation of privileges, among other threats.

Lastly, CVE-2024-0079 (CVSS 6.5) echoes the dangers of NULL-pointer dereference in the kernel mode layer, underscoring the perils that guest VM users pose to the host, with denial of service being a prime concern.

The Importance of Updating

Don’t underestimate these vulnerabilities! They leave your system open to a wide range of attacks. If you use an NVIDIA graphics card, updating your drivers is essential to safeguarding your system.

How to Protect Yourself

  1. Download the Update: Head to the NVIDIA Driver Downloads page (https://www.nvidia.com/Download/index.aspx) or the NVIDIA Licensing Portal for the latest software patches.
  2. Install Immediately: Once downloaded, install the update as soon as possible. Don’t let your system remain vulnerable.