Nvidia GPU owners told to update now to patch a range of serious security flaws

The Nvidia Logo on a dark background
(Image credit: Jakub Porzycki/NurPhoto via Getty Images)

Nvidia has released a new patch for its GPU Display Driver for Windows and Linux to fix a handful of rather serious vulnerabilities.

If exploited, the vulnerabilities mostly lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering, which means they are rather serious. Among them is CVE‑2024‑0126, which has a severity score of 8.2 (high severity).

Another six vulnerabilities are scored 7.8, while the final one is scored 7.1. Of the total eight flaws, five affect the Windows ecosystem. They are all user mode layer exploits, in which threat actors could initiate out-of-bound reads and thus execute code remotely. One exploit was for both Windows and Linux.

Smash and grab

The details about the vulnerabilities and how they can be exploited can be found on Nvidia’s security bulletin, here. There was no word of in-the-wild abuse, so we’re guessing crooks haven’t abused these bugs just yet.

However, with Nvidia’s popularity and prevalence, it is now only a matter of time before miscreants start looking for vulnerable endpoints to exploit.

GPUs are a popular target among cybercriminals, and not just those built by Nvidia. For example, in September 2023, security researchers warned of a flaw found in GPUs from all major manufacturers, which allowed hackers to read sensitive data displayed in browsers. Furthermore, in June 2024, ARM said it had found vulnerabilities in Bifrost and Valhall GPU kernel drivers being exploited in the wild.

At the time, the vulnerability was two years old, yet many users did not patch it on time.

Running regular updates to both software and hardware is one of the best ways to prevent cyberattacks. Users are advised to download and install the software update through the Driver Downloads page or, for the vGPU software and Cloud Gaming updates, through the Licensing Portal.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.