Nvidia has announced fixes for several critical security vulnerabilities in its graphics drivers and virtual GPU management software. These vulnerabilities affect Windows and Linux operating systems.
Image source: NVIDIA
Nvidia’s latest software updates address several security vulnerabilities that could allow attackers with local access to execute malicious code, steal data, or crash affected systems. Among the fixes, two high-severity vulnerabilities stand out. The first, labeled CVE-2024-0150, is related to a buffer overflow in the GPU display driver, which can lead to system compromise due to data tampering and information disclosure. The second critical issue tagged CVE-2024-0146 affects the Virtual GPU Manager, where a compromised guest system can cause memory corruption, potentially leading to malicious code execution and system takeover.
Nvidia recommends that Windows users update to at least driver version 553.62 (R550) or driver version 539.19 (R535). Linux users need to install driver version 550.144.03 or 535.230.02 depending on the driver branch.
The updates cover the Nvidia RTX, Quadro, NVS and Tesla product lines. Enterprise environments using Nvidia virtualization technologies may face additional risks without the latest security updates. In particular, a vulnerability labeled CVE-2024-53881 allows guest systems to interrupt the connection of host machines, which can lead to system failures. To fix these security vulnerabilities, virtual GPU software users should update to driver version 17.5 (550.144.02) or 16.9 (535.230.02).
The company explains that the vulnerabilities target systems to which attackers have local access. However, in virtual environments where multiple users share GPU resources, these vulnerabilities pose a significant security risk. System administrators can download security updates from Nvidia’s driver download page. Enterprise customers of vGPU environments must obtain patches through the Nvidia Licensing Portal. The company recommends that these updates be installed on all affected systems immediately.