NVIDIA has just released security patches to address eight critical vulnerabilities affecting its graphics card drivers. These flaws, which affect Windows and Linux systems, could allow an attacker with local access to execute malicious code, steal data, or cause system crashes. The updates cover the manufacturer's GeForce RTX, Quadro, NVS, and Tesla ranges.
Critical vulnerabilities for virtualized environments
Among these vulnerabilities, two are classified as high severity and require special attention. The first, tracked as CVE-2024-0150, is a buffer overflow in the display driver. It could allow a system to be compromised, leading to data manipulation and information disclosure. The second, CVE-2024-0146, affects the virtual GPU manager, where a compromised guest system could cause memory corruption. This could potentially lead to the execution of malicious code and the takeover of the system.
However, these vulnerabilities can only be exploited with local access, not remotely. Virtualized environments where multiple users share GPU resources are therefore most at risk. In all cases, system administrators and users are strongly advised to download the latest graphics drivers available from NVIDIA and apply these patches without delay to prevent any malicious exploitation. For Windows systems, it is imperative to update the drivers to versions 553.62 (R550 branch) or 539.19 (R535 branch). Linux users should install either 550.144.03 or 535.230.02, depending on the driver branch used.
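For administrators checking a fleet against the versions above, here is an added example (not NVIDIA's code) that classifies a reported driver version as patched, vulnerable, or on a branch the article does not cover. The host names and inventory are constructed, and the mapping of Windows version numbers to branches (R550 spanning 550 to 554, R535 spanning 535 to 539) is an assumption.

```python
# Fixed versions are the ones named in the article; the rest is illustrative.
FIXED = {
    "windows": {550: (553, 62), 535: (539, 19)},
    "linux": {550: (550, 144, 3), 535: (535, 230, 2)},
}

def parse_version(text):
    """Turn '550.144.03' into (550, 144, 3); raise ValueError on junk."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised driver version: {text!r}")
    return tuple(int(p) for p in parts)

def branch_of(platform, version):
    """Map a version to its branch number.

    Assumption: on Linux the major number is the branch; on Windows a
    branch spans five major numbers (R550 = 550..554, R535 = 535..539).
    """
    major = version[0]
    return major if platform == "linux" else major - (major % 5)

def check_driver(platform, text):
    """Return 'patched', 'vulnerable' or 'unknown-branch'."""
    platform = platform.lower()
    if platform not in FIXED:
        raise ValueError(f"unsupported platform: {platform!r}")
    version = parse_version(text)
    fixed = FIXED[platform].get(branch_of(platform, version))
    if fixed is None:
        # Branch not listed in the article: check NVIDIA's bulletin instead.
        return "unknown-branch"
    return "patched" if version >= fixed else "vulnerable"

# Constructed sample inventory: (host, platform, reported driver version).
INVENTORY = [
    ("vdi-host-01", "linux", "550.127.05"),
    ("vdi-host-02", "linux", "535.230.02"),
    ("ws-design-07", "windows", "552.44"),
    ("ws-design-08", "windows", "553.62"),
    ("lab-gpu-03", "linux", "560.35.03"),
]

def audit(inventory):
    """Classify every host in the inventory."""
    return {host: check_driver(plat, ver) for host, plat, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

The version string for a host can be read with `nvidia-smi --query-gpu=driver_version --format=csv,noheader`.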
Source: NVIDIA
