Nvidia has rolled out critical security updates for its GPU display drivers and vGPU software, patching seven vulnerabilities that posed various levels of risk to users.
The most severe issues include two high-priority vulnerabilities that could potentially enable information disclosure, data tampering, denial of service attacks, and in one case, even code execution through the vGPU software.
For Windows users, GPU driver versions before 553.62 (R550 branch) and 539.19 (R535 branch) are affected by these security flaws. The update addresses multiple issues across both Windows and Linux platforms.
Among the patched vulnerabilities, CVE-2024-0150 stands out as particularly concerning. This high-severity flaw involves incorrect buffer writing that could lead to unauthorized data access, tampering, and service disruption.
The vGPU software update tackles two distinct issues. The most notable is CVE-2024-0146, which could allow attackers to corrupt GPU memory, potentially leading to code execution and system compromise. A secondary vulnerability, CVE-2024-53881, could enable guest systems to trigger denial of service through interrupt storms on host machines.
Users with GeForce Experience installed should receive automatic update prompts. Those preferring manual installation can obtain the latest secure drivers directly from Nvidia's download portal.
The complete security patch also resolves several medium and low-severity issues, including unauthorized file access on Linux systems and memory-related vulnerabilities that could impact both Windows and Linux platforms.
This update highlights Nvidia's ongoing commitment to addressing security concerns and protecting users from potential exploits across their GPU product line.