Nvidia: Data leakage possible due to security leak in graphics driver

Security vulnerabilities in Nvidia graphics drivers jeopardize the security of PCs. Attackers can use vulnerabilities to read or change information without authorization or paralyse systems with denial-of-service attacks.

In a security announcement, Nvidia's developers list several security vulnerabilities that attackers can abuse and for which updates are now available to close them. The serious vulnerability in the Nvidia GPU display drivers for Linux and Windows is based on a bug that causes data to be written beyond the end or before the beginning of a buffer. As a result, unauthorized access to information can occur, data can change or the system can be brought to a standstill via DoS (CVE-2024-0150, CVSS 7.1, risk"high").

Virtual GPUs also vulnerable

Nvidia also offers drivers for virtual GPUs, in which Nvidia GPUs are located in data centers or servers and can be used by workstations as virtual graphics cards for calculations. There is a security vulnerability in the Virtual GPU Manager where malicious guests can provoke memory violations. Among other things, this allows them to inject and execute malicious code, paralyze the system or read and manipulate data (CVE-2024-0146, CVSS 7.8, high).

Both drivers have other vulnerabilities that are classified as less risky, which Nvidia's developers are patching with updated software versions. The Windows driver versions 553.62 and 539.19 as well as the Linux versions 550.144.03 and 535.230.02 correct the errors. These are also the corrected versions for the virtual guest drivers of the vGPU solutions. In addition, the vGPU software must be updated to version 17.5 or 16.9 in order to correct the vulnerabilities. The software can be downloaded from the Nvidia download page.

Vulnerabilities affect graphics drivers as well as other software. Last October, for example, Nvidia patched vulnerabilities in the graphics card drivers that allowed attackers to extend their rights in the system.

(dmk)