In a recent development, Nvidia has released a security update for its GPU drivers, addressing multiple vulnerabilities in versions designed for both Windows and Linux systems. These vulnerabilities, if exploited, could potentially lead to data leaks, system malfunctions, or unauthorized access to files. It is strongly advised for owners of Nvidia video cards to promptly install these updates in order to mitigate any potential risks.
Among the critical vulnerabilities is CVE-2024-0150, which has been assigned a CVSS rating of 7.1. This flaw is related to improper handling of memory, allowing data to be written beyond buffer boundaries, thereby compromising information security and potentially enabling data interception or system malfunctions.
Another notable vulnerability, CVE-2024-0147 with a CVSS rating of 5.5, involves the improper use of memory after it has been released (USE-After-Free). Such a flaw could result in system errors or data manipulation, posing a significant risk to users, especially those working with sensitive programs.
For Linux versions of the drivers, a vulnerability identified as CVE-2024-53869 (CVSS rating: 5.5) pertains to the Unified Memory module. This flaw allowed unauthorized access to unallocated memory, potentially leading to the exposure of confidential data.
Additionally, vulnerability CVE-2024-0131 (CVSS: 4.4) affects both Windows and Linux drivers, involving the reading of a buffer with an incorrect length that could result in denial of service. While the risk level of this vulnerability is moderate, users are advised to update their systems to prevent any potential issues.
Furthermore, in the Linux version, a vulnerability identified as CVE-2024-0149 (CVSS: 3.3) was discovered, allowing unauthorized access to files, posing a security risk to users.
Moreover, vulnerabilities were also found in the NVIDIA VGPU software used in virtualized environments. One of the critical vulnerabilities, CVE-2024-0146 (CVSS: 7.8), discovered in the Virtual GPU Manager, could enable a hacker from the guest system to cause memory damage to the host, potentially resulting in code execution, system malfunctions, information leakage, or data alteration.
Another significant issue, CVE-2024-53881 (CVSS: 5.5 rating), affecting the NVIDIA VGPU host driver, permitted the guest system to generate excessive interruptions on the host, leading to system overload and denial of service. Despite being of moderate risk level, in virtualized environments, this vulnerability could have serious repercussions.
In response to these