Nvidia: Rights escalation possible due to vulnerabilities in graphics drivers
Nvidia warns of several security vulnerabilities in the graphics drivers, which allow, for example, the expansion of rights. Updates are available.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Nvidia has discovered security vulnerabilities in the drivers for its graphics cards. Among other things, they allow attackers to extend their rights in the system. Updated drivers are available to fix the vulnerabilities.
Nvidia lists the individual vulnerabilities and their effects in a security release. They affect Geforce graphics cards as well as Nvidia Quadro, RTX, NVS and cards with Tesla streaming processors. The drivers are vulnerable in both Linux and Windows versions.
Nvidia drivers: high-risk security vulnerabilities
Nvidia is discreetly withholding information on the vulnerabilities themselves. The developers describe the most serious vulnerability as follows: Nvidia GPU display drivers for Linux and Windows contain a vulnerability that allows attackers with access rights to extend their privileges. Successful misuse of the vulnerability could lead to code execution, denial of service, privilege escalation, information leakage or data manipulation (CVE-2024-0126, CVSS 8.2, risk"high"). However, there are no details as to what exactly the vulnerability is and how it can be abused, what attacks would look like and how those affected could recognize them.
Videos by heise
According to the report, there are a further five vulnerabilities in the Windows driver in the user mode code, which allow users without significant rights in the system to gain read access outside the intended limits (CVE-2024-0117, CVE-2024-0118, CVE-2024-0119, CVE-2024-0120, CVE-2024-0121; all CVSS 7.8, high). The impact is essentially the same as for the most serious vulnerability.
Two other vulnerabilities affect Nvidia's vGPU software. In the GPU kernel driver, users of the guest operating system can trigger insufficient input validation by compromising the guest system kernel and thereby execute code, escalate privileges, manipulate data, provoke a denial of service or read unauthorized information (CVE-2024-0127, CVSS 7.8, high). Another vulnerability allows malicious actors to access global resources from the guest operating system (CVE-2024-0128, CVSS 7.1, high).
The security leaks fix the Geforce drivers for Windows in version 566.03 and for the RTX, Quadro, NVS and Tesla cards in versions 566.03, 553.24 and 538.95. For Linux, the corrected driver versions 565.57.01, 550.127.05 and 535.216.01 are available for Geforce and RTX, Quadro and NVS systems. For the Tesla accelerators, only the versions 550.127.05 and 535.216.01 are available, which correct the problems.
The vGPU software on version 16.8 with driver version 538.95 (Windows) or 535.216.01 (Linux) and 17.4 with driver versions 553.24 (Windows), 550.127.05 (Linux), 550.127.06 (Citrix, VMware, RHEL KVM, Ubuntu) and 553.20 (Azure Stack HCI) or newer contain the fixes for the vGPU gaps and the aforementioned operating system-specific driver vulnerabilities.
Nvidia also released driver updates in July that plugged security gaps. These enabled attacks on PCs with Geforce or RTX graphics cards, for example.
(dmk)
