Nvidia Security Warning—Act Now As 7 New GPU Vulnerabilities Confirmed

1 year ago 139

Nvidia says update now as GPU vulnerabilities confirmed.

NurPhoto via Getty Images

It was the best of times, and then DeepSeek burst onto the AI scene and caused the biggest market loss in history for Nvidia. Now it’s the worst of times, but not just in terms of the U.S. AI business sector and tech stocks, but also for Nvidia GPU users as seven new security vulnerabilities have been confirmed. Here’s what you need to know and do right now to stay safe in these turbulent times.

ForbesNew FBI Warning—Disable Local Admin Accounts As Attacks ContinueBy Davey Winder

Nvidia Confirms Seven GPU Security Vulnerabilities

A Jan. 27 security bulletin from Nvidia has confirmed a total of seven vulnerabilities, one low, three medium and three high-severity rated, impacting the Nvidia GPU display driver. “To protect your system,” Nvidia warned, “download and install this security update,” and do it now if you want to stay safe from denial of service attacks, inform action disclosure and data tampering.

The seven vulnerabilities confirmed in the Nvidia security bulletin, in order of severity rating, are as follows.

High Severity Nvidia GPU Vulnerabilities

  • CVE‑2024‑0131: A 7.8 severity GPU kernel driver for Windows and Linux vulnerability that could allow a potential user-mode attacker to read a buffer with an incorrect length, leading to a denial of service attack if successful.
  • CVE‑2024‑0146: Another 7.8 severity vulnerability, this time within the Virtual GPU Manager, which could lead to memory corruption and ultimately has the potential to enable a malicious guest user to exploit code execution, denial of service, information disclosure, or data tampering.
  • CVE‑2024‑0150: A 7.1 severity GPU display driver for Windows and Linux vulnerability involving data being written past the end or before the beginning of a buffer. This could lead to information disclosure, denial of service or data tampering if an attacker was successful in exploiting the vulnerability.

Medium Severity Nvidia GPU Vulnerabilities

  • CVE‑2024‑0147: A 5.5 severity vulnerability in the GPU display driver for Windows and Linux that allows memory to be referenced after it has been freed and, if exploited, could lead to a denial of service attack or data tampering.
  • CVE‑2024‑53869: Another 5.5 on the severity scale, this time an uninitialized memory in the unified memory driver for Linux that could lead to information disclosure.
  • CVE‑2024‑53881: The final 5.5 rated vulnerability, impacting vGPU software and the host driver, “where it can allow a guest to cause an interrupt storm on the host,” Nvidia said, which can lead to another denial of service attack.

Low Severity Nvidia GPU Vulnerability

  • CVE‑2024‑0149: A 3.3 severity vulnerability in the GPU Display Driver for Linux could allow an attacker unauthorized access to files.

ForbesDon’t Complete The CAPTCHA Test—New Windows Password Theft WarningBy Davey Winder

Update Now, Nvidia Said—Here’s How

While Nvidia said that risk assessments within the security bulletin are based on “an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation,” it nonetheless warned users that “to protect your system, download and install this software update…” If in any doubt, Nvidia added, consult a security or IT professional to evaluate the risk to your specific configuration. Personally, I’d go straight for the security update unless there’s something particularly complex about your system that is holding you back.

Nvidia users can download and install the latest security updates to patch these seven vulnerabilities by using the Nvidia Driver downloads page. Users of vGPU software and cloud gaming can also use the Nvidia Licensing Portal for updates, the bulletin said.

Follow me on Twitter or LinkedInCheck out my website or some of my other work here

Read Entire Article