Saturday, February 8, 2025
Homecyber securityNVIDIA GPU Display Drivers Vulnerability Lets Attackers Access Files Remotely

NVIDIA GPU Display Drivers Vulnerability Lets Attackers Access Files Remotely

Published on

SIEM as a Service

Follow Us on Google News

NVIDIA has issued a critical security update to address multiple vulnerabilities in its GPU Display Driver and vGPU software, affecting both Windows and Linux systems.

Among these is CVE‑2024‑0149, a vulnerability in the NVIDIA GPU Display Driver for Linux that could allow attackers unauthorized access to files.

These vulnerabilities, disclosed in January 2025, pose risks such as denial of service (DoS), data tampering, information disclosure, and even code execution.

Users are strongly advised to update their drivers via the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal for vGPU software.

Details of Vulnerabilities

The security update addresses seven key vulnerabilities, categorized by severity levels:

High-Severity Vulnerabilities:

  • CVE-2024-0150: A buffer overflow vulnerability in the GPU Display Driver for Windows and Linux allows data to be written beyond allocated memory. This can lead to information disclosure, DoS, or data tampering (CVSS score: 7.1).
  • CVE-2024-0146: Found in the Virtual GPU Manager of vGPU software, this flaw allows a malicious guest to cause memory corruption, potentially resulting in code execution, DoS, or data tampering (CVSS score: 7.8).

Medium-Severity Vulnerabilities:

  • CVE-2024-0147: Occurs when referencing freed memory in the GPU Display Driver for Windows and Linux. Exploitation could lead to DoS or data tampering (CVSS score: 5.5).
  • CVE-2024-53869: A vulnerability in the Unified Memory driver for Linux could leak uninitialized memory, leading to information disclosure (CVSS score: 5.5).
  • CVE-2024-53881: Found in the host driver of vGPU software, this flaw enables a guest to create an interrupt storm on the host system, causing DoS (CVSS score: 5.5).
  • CVE-2024-0131: A buffer handling issue in the GPU kernel driver for Windows and Linux allows attackers to read buffers with incorrect lengths, potentially leading to DoS (CVSS score: 4.4).

Low-Severity Vulnerability:

  • CVE-2024-0149: A flaw in the Linux GPU Display Driver permits unauthorized file access, leading to limited information disclosure (CVSS score: 3.3).

The vulnerabilities affect a broad range of NVIDIA products across different driver branches:

Windows Drivers: GeForce, NVIDIA RTX/Quadro/NVS, and Tesla GPUs are impacted across R535, R550, R560, R565, and R570 branches. Updated versions include R535 (539.19), R550 (553.62), and R570 (572.16).

Linux Drivers: Similar issues affect Linux drivers in branches R535, R550, and R570. Updated versions include R535 (535.230.02), R550 (550.144.03), and R570 (570.86.16).

For vGPU software users, affected components include guest drivers and Virtual GPU Manager across platforms like Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, and Azure Local.

Mitigation Measures

NVIDIA recommends immediate installation of updated drivers to mitigate these risks.

Users should consult their IT professionals to evaluate their specific configurations and apply appropriate updates.

Acknowledgments were extended to researchers Xiaochen Zou and Wolfgang Frisch for reporting several vulnerabilities.

This update underscores the importance of proactive security measures in safeguarding systems against potential exploits targeting GPU hardware and virtualization environments.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...