With more than 200 million gamers using Nvidia graphics to power their gaming experience across Linux and Windows platforms, security advisories need to be taken very seriously. When that advisory concerns no less than eight new high-severity vulnerabilities, only a total lamer gamer would ignore it. Here’s what you need to know about Nvidia security vulnerabilities CVE‑2024‑0117 through CVE‑2024‑0121.
Nvidia has published an advisory bulletin that details a total of eight high-severity common vulnerabilities and exposures, better known as CVE-rated security vulnerabilities. The vulnerabilities, impacting users of Nvidia graphics processing units across both Linux and Windows platforms, sit within the GPU display driver aand the virtual GPU software.
The reason for the urgency of Nvidia’s security precaution is, the company explained, the potential effect these vulnerabilities can have on users: code execution, denial of service, privilege escalation, data disclosure, and data manipulation. Sounds bad, that’s because it is.
Out-of-bounds memory vulnerabilities exist when a program attempts to read data from a different memory location than one within an allocated buffer. As such, they are among the most common security vulnerabilities discovered, but popularity should not be confused with little consequence. Most of the vulnerabilities outlined in this new Nvidia security advisory would appear to be in the user layer mode of the GPU display driver, and successful exploitation would allow an unprivileged attacker to cause what’s known as an out-of-bounds read leading to the impacts already mentioned.
The two vGPU software vulnerabilities are found in the kernel driver and virtual GPU manager of all supported hypervisors. The vGPU kernel vulnerability is a type of input validation that compromises the guest operating formula kernel. The virtual GPU control software vulnerability, on the other hand, allows a guest operating formula user to access global resources.
“To protect your system,” Nvidia said, “download and install this software update through the NVIDIA Driver Downloads page.” The update to patch the vGPU vulnerabilities can be downloaded through the Nvidia licensing portal.
Nvidia’s security updates for the GPU driving force in the Windows driving force branch are shown in the following table: You can click the symbol to see the full original on the Nvidia security announcement site, where the complete table of Linux driving force branches is also available.
Nvidia Security Advisory Release Chart
As with all such incidents where high-severity vulnerabilities are disclosed, all impacted users are advised to follow the Nvidia security team’s instructions and update now to ensure their systems are fully protected.
A community. Many voices. Create a free account to share your thoughts.
Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.
To do this, please comply with the posting regulations in our site’s terms of use. Below we summarize some of those key regulations. In short, civilized.
Your message will be rejected if we notice that it appears to contain:
User accounts will be blocked if we become aware that users are participating in:
So, how can you be a power user?
Thank you for reading our Community Standards. Read the full list of posting regulations discovered in our site’s Terms of Use.