NVIDIA recently posted a security bulletin that describes several critical vulnerabilities in NVIDIA drivers. Here is a basic summary of the key points:
Affected Components
- NVIDIA GPU Display Driver: Vulnerabilities affect both Windows and Linux versions.
  - CVE-2024-0117, CVE-2024-0118, CVE-2024-0119, CVE-2024-0120, CVE-2024-0121: These vulnerabilities in the user mode layer of the Windows driver allow an unprivileged user to cause an out-of-bounds read, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Severity: High, CVSS v3.1 base score: 7.8
  - CVE-2024-0126: This vulnerability affects both Windows and Linux drivers, allowing a privileged attacker to escalate permissions, which could result in code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Severity: High, CVSS v3.1 base score: 8.2
- NVIDIA vGPU Software
  - CVE-2024-0127: A vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors allows a guest OS user to cause improper input validation, potentially leading to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. Severity: High, CVSS v3.1 base score: 7.8
  - CVE-2024-0128: This vulnerability in the Virtual GPU Manager allows a guest OS user to access global resources, potentially leading to escalation of privileges, information disclosure, and data tampering. Severity: High, CVSS v3.1 base score: 7.1
Mitigation and Updates
We have updated all of our Virtual Machines and some bare metal servers that are rented going forward. If you are currently a customer looking to patch this security vulnerability, please reach out. Note that upgrading the drivers requires some reboots of your host machine. We can help coordinate with you and your team to make sure there is as little downtime as possible while updating drivers.
Source: NVIDIA Security Bulletin: https://nvidia.custhelp.com/app/answers/detail/a_id/5586