NVIDIA GPU Display Drivers Vulnerability Lets Attackers Access Files Remotely

NVIDIA has issued a critical security update to address multiple vulnerabilities in its GPU Display Driver and vGPU software, affecting both Windows and Linux systems.

Among these is CVE‑2024‑0149, a vulnerability in the NVIDIA GPU Display Driver for Linux that could allow attackers unauthorized access to files.

These vulnerabilities, disclosed in January 2025, pose risks such as denial of service (DoS), data tampering, information disclosure, and even code execution.

Users are strongly advised to update their drivers via the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal for vGPU software.

Details of Vulnerabilities

The security update addresses seven key vulnerabilities, categorized by severity levels:

High-Severity Vulnerabilities:

• CVE-2024-0150: A buffer overflow vulnerability in the GPU Display Driver for Windows and Linux allows data to be written beyond allocated memory. This can lead to information disclosure, DoS, or data tampering (CVSS score: 7.1).
• CVE-2024-0146: Found in the Virtual GPU Manager of vGPU software, this flaw allows a malicious guest to cause memory corruption, potentially resulting in code execution, DoS, or data tampering (CVSS score: 7.8).

Medium-Severity Vulnerabilities:

• CVE-2024-0147: Occurs when referencing freed memory in the GPU Display Driver for Windows and Linux. Exploitation could lead to DoS or data tampering (CVSS score: 5.5).
• CVE-2024-53869: A vulnerability in the Unified Memory driver for Linux could leak uninitialized memory, leading to information disclosure (CVSS score: 5.5).
• CVE-2024-53881: Found in the host driver of vGPU software, this flaw enables a guest to create an interrupt storm on the host system, causing DoS (CVSS score: 5.5).
• CVE-2024-0131: A buffer handling issue in the GPU kernel driver for Windows and Linux allows attackers to read buffers with incorrect lengths, potentially leading to DoS (CVSS score: 4.4).

Low-Severity Vulnerability:

• CVE-2024-0149: A flaw in the Linux GPU Display Driver permits unauthorized file access, leading to limited information disclosure (CVSS score: 3.3).

The vulnerabilities affect a broad range of NVIDIA products across different driver branches:

Windows Drivers: GeForce, NVIDIA RTX/Quadro/NVS, and Tesla GPUs are impacted across R535, R550, R560, R565, and R570 branches. Updated versions include R535 (539.19), R550 (553.62), and R570 (572.16).

Linux Drivers: Similar issues affect Linux drivers in branches R535, R550, and R570. Updated versions include R535 (535.230.02), R550 (550.144.03), and R570 (570.86.16).

For vGPU software users, affected components include guest drivers and Virtual GPU Manager across platforms like Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, and Azure Local.

Mitigation Measures

NVIDIA recommends immediate installation of updated drivers to mitigate these risks.

Users should consult their IT professionals to evaluate their specific configurations and apply appropriate updates.

Acknowledgments were extended to researchers Xiaochen Zou and Wolfgang Frisch for reporting several vulnerabilities.

This update underscores the importance of proactive security measures in safeguarding systems against potential exploits targeting GPU hardware and virtualization environments.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free