NVIDIA fixes high-risk vulnerabilities in GPU drivers that allow code execution and data theft

With a new security update, NVIDIA has fixed several vulnerabilities in its graphics drivers that could have potentially led to data leaks and system compromises. In particular, two vulnerabilities classified as “high”, which pose significant risks to users, have been closed.

Focus on critical security vulnerabilities

The most serious vulnerability (CVE-2024-0150) concerns a “buffer overflow” in the GPU display drivers. This vulnerability could allow attackers to overwrite memory buffers, which in the worst case could allow a comprehensive system takeover. As a result, personal or business data could have been compromised or manipulated. A vulnerability in the Virtual GPU Manager software is also of great importance. This could lead to memory corruption, allowing a malicious guest system to execute malicious code or manipulate sensitive data. In addition, six other medium-severity vulnerabilities have been fixed, although NVIDIA does not provide any further technical details. Apparently, these vulnerabilities affect rather specific application scenarios and are likely to be of less relevance for average users.

Affected products and required measures

NVIDIA states that the vulnerabilities affect a wide range of products. These include:

• GeForce graphics cards for consumers
• Professional RTX and Quadro models
• NVS product series for business applications
• Tesla accelerators for data centers

To close the security gaps, users must update to the latest driver versions. Windows users should upgrade to version 553.62 or 539.19. On Linux, versions 550.144.03 or 535.230.02 are required, although the exact version may vary depending on the driver branch used.

Recommended action for users

It is recommended to update the drivers as soon as possible to minimize the risk of exploiting the vulnerabilities. Updates are available via the official NVIDIA website or the GeForce Experience software. Companies and professional users should also check their systems for potential security vulnerabilities and consider further protective measures if necessary. With the current driver update, NVIDIA closes several security vulnerabilities that could have had serious consequences for users. In particular, fixing the two “high” rated vulnerabilities underlines the importance of regular updates to protect systems from potential attacks. Users should install the new drivers as soon as possible to avoid taking unnecessary risks.

Source: TechPowerUP