Nvidia has released an urgent security update for its GPU display drivers, addressing multiple high-severity vulnerabilities that could potentially expose users to serious security risks. This comprehensive patch tackles eight critical security flaws affecting both Windows and Linux systems.
Security Vulnerabilities Overview
The most severe vulnerability, identified as CVE-2024-0126, carries a high severity score of 8.2. The remaining vulnerabilities aren't far behind, with six rated at 7.8 and one at 7.1 on the severity scale. These security flaws could enable malicious actors to execute unauthorized code, escalate privileges, tamper with data, and potentially cause system-wide denial of service attacks.
Windows and Linux Impact
Five of the identified vulnerabilities specifically target Windows systems through user mode layer exploits, potentially allowing attackers to perform out-of-bounds reads and execute malicious code. One particularly concerning vulnerability affects both Windows and Linux systems, enabling privileged attackers to escalate permissions within the application environment.
vGPU Software Vulnerabilities
Two distinct vulnerabilities have been identified in Nvidia's vGPU software. The more severe of these involves the GPU kernel driver, where improper input validation could compromise the guest OS kernel. The second vulnerability affects the Virtual GPU Manager, potentially allowing unauthorized access to global system resources beyond the intended vGPU Software boundaries.
Immediate Action Required
While there are currently no reports of these vulnerabilities being exploited in the wild, the high severity ratings make immediate updates crucial for all Nvidia GPU users. Users can obtain the latest security patches through Nvidia's official Driver Downloads page, while vGPU software and Cloud Gaming updates are available through the Licensing Portal.
Impact on Legacy Systems
Organizations and users relying on older Nvidia GPU drivers for compatibility reasons may face challenges with this mandatory update. However, given the severity of these security flaws, especially for systems handling sensitive information, the benefits of updating significantly outweigh any potential compatibility concerns.