NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux

NVIDIA released a critical security update for its GPU Display Driver to fix vulnerabilities that could enable remote code execution, privilege escalation, and other serious risks on Windows and Linux systems. Users are strongly advised to update promptly. The NVIDIA GPU Display Driver is essential software that enables an operating system to communicate with an […] The post NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux appeared first on Cyber Security News.

Oct 28, 2024 - 08:11
 0
NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux

NVIDIA released a critical security update for its GPU Display Driver to fix vulnerabilities that could enable remote code execution, privilege escalation, and other serious risks on Windows and Linux systems. Users are strongly advised to update promptly.

The NVIDIA GPU Display Driver is essential software that enables an operating system to communicate with an NVIDIA graphics card, allowing it to handle complex graphics rendering, hardware acceleration, and display management.

It ensures smooth performance in visual tasks like gaming and video editing by supporting graphics APIs like DirectX and OpenGL, optimizing for specific applications, and providing regular updates for enhanced performance and security.

The update, released on October 22, 2024, is designed to mitigate several high-severity vulnerabilities identified in the driver. Updates for vGPU software and Cloud Gaming can be accessed through the NVIDIA Licensing Portal.

Vulnerability Details

The security bulletin highlights several vulnerabilities with varying impacts:

  • CVE‑2024‑0126: This vulnerability affects both Windows and Linux versions of the NVIDIA GPU Display Driver. It allows a privileged attacker to escalate permissions, potentially leading to code execution, denial of service, information disclosure, and data tampering. The vulnerability is rated with a CVSS base score of 8.2, categorized as High severity.
  • CVE‑2024‑0117 to CVE‑2024‑0121: These vulnerabilities are found in the user mode layer of the Windows driver version. They permit an unprivileged user to cause an out-of-bounds read, which could lead to similar impacts as CVE-2024-0126. Each vulnerability carries a CVSS base score of 7.8 and is rated high severity.

Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo

CVEs Addressed in Each Windows Driver Branch

The following table lists the CVEs addressed by the update in each Windows driver branch:

Windows Driver BranchCVEs Addressed
R565, R560, R555, R550, R535CVE‑2024‑0117, CVE‑2024‑0118, CVE‑2024‑0119, CVE‑2024‑0120, CVE‑2024‑0121, CVE‑2024‑0126

Security Updates for NVIDIA GPU Windows Display Driver

The following table lists the affected NVIDIA software products and their updated versions:

Software ProductOperating SystemDriver BranchAffected Driver VersionsUpdated Driver Version
GeForceWindowsR565All versions prior to 566.03566.03
NVIDIA RTX, Quadro, NVSWindowsR565All versions prior to 566.03566.03
R550All versions prior to 553.24553.24
R535All versions prior to 538.95538.95
TeslaWindowsR565All versions prior to 566.03566.03
R550All versions prior to 553.24553.24
R535All versions prior to 538.95538.95

CVEs Addressed in Each Linux Driver Branch

The following table lists the CVEs addressed by the update in each Linux driver branch:

Linux Driver BranchCVEs Addressed
R565, R550, R535CVE‑2024‑0126

Affected Components and Updated Versions for Linux

The following table lists affected NVIDIA software products on Linux and their updated versions:

Software ProductOperating SystemDriver BranchAffected Driver VersionsUpdated Driver Version
GeForceLinuxR565All versions prior to 565.57.01565.57.01
R550All versions prior to 550.127.05550.127.05
R535All versions prior to 535.216.01535.216.01
NVIDIA RTX, Quadro, NVSLinuxR565All versions prior to 565.57.01565.57.01
R550All versions prior to 550.127.05550.127.05
R535All versions prior to 535.216.01535.216.01
TeslaLinuxR550All versions prior to 550.127.05550.127.05
R535All versions prior to 535.216.01535.216.01

NVIDIA urges all users to apply these updates promptly to protect their systems from potential exploits. Users are strongly advised to download and install the update from the NVIDIA Driver Downloads page.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

The post NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux appeared first on Cyber Security News.

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow