Summary: NVIDIA has released a security bulletin highlighting multiple vulnerabilities in its GPU Display Driver for Windows and Linux, which could allow attackers to execute malicious code and escalate privileges. The most critical vulnerability, CVE-2024-0126, has a CVSS score of 8.2 and poses significant risks, including unauthorized code execution and denial of service attacks.
Threat Actor: Unknown | unknown
Victim: NVIDIA | NVIDIA
Key Points:
- Multiple vulnerabilities in NVIDIA’s GPU Display Driver could allow attackers to execute malicious code and escalate privileges.
- The most severe vulnerability, CVE-2024-0126, has a CVSS score of 8.2 and affects both Windows and Linux platforms.
- Other vulnerabilities, including CVE-2024-0117, could lead to out-of-bounds reads and potential code execution on Windows.
- Affected driver versions include all prior to 566.03 for Windows and 565.57.01 for Linux.
- NVIDIA has provided updates to address these vulnerabilities, urging users to download the latest versions from their Driver Downloads page.
NVIDIA has issued a security bulletin addressing multiple vulnerabilities in its GPU Display Driver for both Windows and Linux. These vulnerabilities, if exploited, could allow attackers to execute malicious code, escalate privileges, and even cause denial of service attacks.
The most severe of the vulnerabilities is CVE-2024-0126, which affects both Windows and Linux platforms. This flaw, with a CVSS score of 8.2, could allow a privileged attacker to escalate permissions, potentially leading to unauthorized code execution. According to the bulletin, “A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.”
Another vulnerability, CVE-2024-0117, affects the Windows platform specifically. This flaw exists in the user-mode layer of the GPU Display Driver and could allow an unprivileged user to cause an out-of-bounds read. With a CVSS score of 7.8, this vulnerability also has the potential to result in code execution, data tampering, and privilege escalation.
Further vulnerabilities, such as CVE-2024-0118, CVE-2024-0119, CVE-2024-0120, and CVE-2024-0121, similarly affect the user-mode layer of the Windows GPU Display Driver, allowing unprivileged users to exploit weaknesses, which may result in a range of security issues, from denial of service to full system compromise.
The affected products include:
- GeForce Windows R565: All driver versions prior to 566.03
- NVIDIA RTX, Quadro, and NVS Windows R565: All driver versions prior to 566.03
- Tesla Windows R565: All driver versions prior to 566.03
For Linux users, the affected driver versions include all versions prior to 565.57.01 in the R565 branch. These vulnerabilities also impact several other branches, such as R550 and R535, both on Windows and Linux platforms.
NVIDIA has already provided updates to address these vulnerabilities. Users should install the latest versions from the NVIDIA Driver Downloads page; users of vGPU software and cloud gaming can download updates through the NVIDIA Licensing Portal.
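A version check against the R565 fixed releases listed above, as an added example (not NVIDIA's code and not part of the original article). It assumes `nvidia-smi` is on the PATH and that branches newer than R565 carry the fix; drivers older than 565 are reported as `check-bulletin` because the article gives no fixed versions for R550 and R535.

```python
import platform
import subprocess

# Fixed versions stated in the article (R565 branch only).
FIXED_R565 = {"windows": (566, 3), "linux": (565, 57, 1)}


def parse_version(text):
    """Turn '565.57.01' into (565, 57, 1); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised driver version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version_text, os_name):
    """Return 'fixed', 'vulnerable' or 'check-bulletin' for one driver version."""
    version = parse_version(version_text)
    fixed = FIXED_R565[os_name]
    if version[0] < 565:
        # R550/R535 are affected too, but their fixed versions are not in the
        # article, so defer to NVIDIA's bulletin instead of guessing.
        return "check-bulletin"
    # Pad to equal length so '565.57' compares as 565.57.0 (older than 565.57.01).
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    # Assumption: any version at or above the fixed release includes the fix.
    return "fixed" if pad(version) >= pad(fixed) else "vulnerable"


def installed_versions():
    """Driver versions reported by nvidia-smi; empty list if it cannot be run."""
    cmd = ["nvidia-smi", "--query-gpu=driver_version", "--format=csv,noheader"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             check=True, timeout=15).stdout
    except (OSError, subprocess.SubprocessError):
        return []
    return sorted({line.strip() for line in out.splitlines() if line.strip()})


if __name__ == "__main__":
    os_name = "windows" if platform.system() == "Windows" else "linux"
    found = installed_versions()
    if not found:
        print("no NVIDIA driver reported by nvidia-smi")
    for v in found:
        print(f"{v}: {classify(v, os_name)}")
```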
Source: https://securityonline.info/nvidia-patches-multi-vulnerabilities-in-windows-and-linux-gpu-drivers