Nvidia has released a new patch for its GPU Display Driver for Windows and Linux to fix a handful of fairly serious vulnerabilities.
If exploited, the vulnerabilities typically lead to code execution, denial of service, escalation of privilege, information disclosure, and data tampering, meaning they are quite serious. One of these is CVE‑2024‑0126, with a severity score of 8.2 (high severity).
Another six vulnerabilities receive a score of 7.8, while the last one receives a score of 7.1. Of the total eight errors, five affect the Windows ecosystem. All are user-mode exploits, where threat actors can initiate out-of-bound reads and thus execute code remotely. One exploit applied to both Windows and Linux.
Break and grab
The details about the vulnerabilities and how they can be exploited can be found in Nvidia’s security bulletin, here. There have been no reports of exploits in the wild yet, so we assume crooks haven’t exploited these bugs yet.
However, with the popularity and prevalence of Nvidia, it is now only a matter of time before miscreants start looking for vulnerable endpoints to exploit.
GPUs are a popular target among cybercriminals, and not just those from Nvidia. For example, in September 2023, security researchers warned about a flaw found in GPUs from all major manufacturers, which allowed hackers to read sensitive data displayed in browsers. Additionally, in June 2024, ARM said it had found vulnerabilities in Bifrost and Valhall GPU kernel drivers that were being exploited in the wild.
The vulnerability was two years old at the time, but many users did not patch it in time.
Performing regular updates to both software and hardware is one of the best ways to prevent cyber attacks. Users are advised to download and install the software update via the Driver Downloads page or, for the vGPU software and Cloud Gaming updates, via the Licensing Portal.