NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
NVIDIA released a critical security update for its GPU Display Driver to fix vulnerabilities that could enable remote code execution, privilege escalation, and other serious risks on Windows and Linux systems. Users are strongly advised to update promptly.
The NVIDIA GPU Display Driver is essential software that enables an operating system to communicate with an NVIDIA graphics card, allowing it to handle complex graphics rendering, hardware acceleration, and display management.
It ensures smooth performance in visual tasks like gaming and video editing by supporting graphics APIs like DirectX and OpenGL, optimizing for specific applications, and providing regular updates for enhanced performance and security.
The update, released on October 22, 2024, is designed to mitigate several high-severity vulnerabilities identified in the driver. Updates for vGPU software and Cloud Gaming can be accessed through the NVIDIA Licensing Portal.
Vulnerability Details
The security bulletin highlights several vulnerabilities with varying impacts:
CVEs Addressed in Each Windows Driver Branch
The following table lists the CVEs addressed by the update in each Windows driver branch:
Windows Driver Branch CVEs Addressed R565, R560, R555, R550, R535CVE‑2024‑0117, CVE‑2024‑0118, CVE‑2024‑0119, CVE‑2024‑0120, CVE‑2024‑0121, CVE‑2024‑0126
Security Updates for NVIDIA GPU Windows Display Driver
The following table lists the affected NVIDIA software products and their updated versions:
Software Product Operating System Driver Branch Affected Driver Versions Updated Driver Version GeForceWindowsR565All versions prior to 566.03566.03NVIDIA RTX, Quadro, NVSWindowsR565All versions prior to 566.03566.03R550All versions prior to 553.24553.24R535All versions prior to 538.95538.95TeslaWindowsR565All versions prior to 566.03566.03R550All versions prior to 553.24553.24R535All versions prior to 538.95538.95
CVEs Addressed in Each Linux Driver Branch
The following table lists the CVEs addressed by the update in each Linux driver branch:
Linux Driver Branch CVEs Addressed R565, R550, R535CVE‑2024‑0126
Affected Components and Updated Versions for Linux
The following table lists affected NVIDIA software products on Linux and their updated versions:
Software Product Operating System Driver Branch Affected Driver Versions Updated Driver Version GeForceLinuxR565All versions prior to 565.57.01565.57.01R550All versions prior to 550.127.05550.127.05R535All versions prior to 535.216.01535.216.01NVIDIA RTX, Quadro, NVSLinuxR565All versions prior to 565.57.01565.57.01R550All versions prior to 550.127.05550.127.05R535All versions prior to 535.216.01535.216.01TeslaLinuxR550All versions prior to 550.127.05550.127.05R535All versions prior to 535.216.01535.216.01
NVIDIA urges all users to apply these updates promptly to protect their systems from potential exploits. Users are strongly advised to download and install the update from the NVIDIA Driver Downloads page.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
#Cyber_Attack #Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux
Author: Balaji NNVIDIA released a critical security update for its GPU Display Driver to fix vulnerabilities that could enable remote code execution, privilege escalation, and other serious risks on Windows and Linux systems. Users are strongly advised to update promptly.
The NVIDIA GPU Display Driver is essential software that enables an operating system to communicate with an NVIDIA graphics card, allowing it to handle complex graphics rendering, hardware acceleration, and display management.
It ensures smooth performance in visual tasks like gaming and video editing by supporting graphics APIs like DirectX and OpenGL, optimizing for specific applications, and providing regular updates for enhanced performance and security.
The update, released on October 22, 2024, is designed to mitigate several high-severity vulnerabilities identified in the driver. Updates for vGPU software and Cloud Gaming can be accessed through the NVIDIA Licensing Portal.
Vulnerability Details
The security bulletin highlights several vulnerabilities with varying impacts:
- CVE‑2024‑0126 : This vulnerability affects both Windows and Linux versions of the NVIDIA GPU Display Driver. It allows a privileged attacker to escalate permissions, potentially leading to code execution, denial of service, information disclosure, and data tampering. The vulnerability is rated with a CVSS base score of 8.2, categorized as High severity.
- CVE‑2024‑0117 to CVE‑2024‑0121 : These vulnerabilities are found in the user mode layer of the Windows driver version. They permit an unprivileged user to cause an out-of-bounds read, which could lead to similar impacts as CVE-2024-0126. Each vulnerability carries a CVSS base score of 7.8 and is rated high severity.
CVEs Addressed in Each Windows Driver Branch
The following table lists the CVEs addressed by the update in each Windows driver branch:
Windows Driver Branch CVEs Addressed R565, R560, R555, R550, R535CVE‑2024‑0117, CVE‑2024‑0118, CVE‑2024‑0119, CVE‑2024‑0120, CVE‑2024‑0121, CVE‑2024‑0126
Security Updates for NVIDIA GPU Windows Display Driver
The following table lists the affected NVIDIA software products and their updated versions:
Software Product Operating System Driver Branch Affected Driver Versions Updated Driver Version GeForceWindowsR565All versions prior to 566.03566.03NVIDIA RTX, Quadro, NVSWindowsR565All versions prior to 566.03566.03R550All versions prior to 553.24553.24R535All versions prior to 538.95538.95TeslaWindowsR565All versions prior to 566.03566.03R550All versions prior to 553.24553.24R535All versions prior to 538.95538.95
CVEs Addressed in Each Linux Driver Branch
The following table lists the CVEs addressed by the update in each Linux driver branch:
Linux Driver Branch CVEs Addressed R565, R550, R535CVE‑2024‑0126
Affected Components and Updated Versions for Linux
The following table lists affected NVIDIA software products on Linux and their updated versions:
Software Product Operating System Driver Branch Affected Driver Versions Updated Driver Version GeForceLinuxR565All versions prior to 565.57.01565.57.01R550All versions prior to 550.127.05550.127.05R535All versions prior to 535.216.01535.216.01NVIDIA RTX, Quadro, NVSLinuxR565All versions prior to 565.57.01565.57.01R550All versions prior to 550.127.05550.127.05R535All versions prior to 535.216.01535.216.01TeslaLinuxR550All versions prior to 550.127.05550.127.05R535All versions prior to 535.216.01535.216.01
NVIDIA urges all users to apply these updates promptly to protect their systems from potential exploits. Users are strongly advised to download and install the update from the NVIDIA Driver Downloads page.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
#Cyber_Attack #Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
