Nvidia has published a new security bulletin detailing the security vulnerabilities addressed by its latest 551.61 Game Ready Driver and the 474.82 and 474.89 security drivers issued earlier this month. The bulletin is quite long and lists several vulnerabilities that affect Nvidia’s older drivers. If you are on an older driver, it’s worth updating to the latest Nvidia graphics driver your GPU or operating system supports to keep your system safe from hackers.
Nvidia announced a total of eight security vulnerabilities affecting its older GPU drivers. Most of these flaws are in the kernel mode layer on Windows and Linux, the Windows user mode layer, memory access past the end of a buffer on Linux, and Nvidia’s vGPU plugin. They can allow an attacker to achieve code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE ID | Description | Severity |
Nvidia GPU Display Driver: | | |
CVE‑2024‑0071 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | High |
CVE‑2024‑0073 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | High |
CVE‑2024‑0074 | NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering. | High |
CVE‑2024‑0078 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service. | Medium |
CVE‑2024‑0075 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure. | Medium |
CVE‑2022‑42265 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause integer overflow, which may lead to denial of service, information disclosure, and data tampering. | Medium |
Nvidia vGPU Software: | | |
CVE‑2024‑0077 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | High |
CVE‑2024‑0079 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service. | Medium |
All of these security vulnerabilities affect Nvidia driver versions prior to the latest Game Ready driver, 551.61, and prior to the latest security drivers for older operating systems and GPUs, 474.82 and 474.89. For Nvidia RTX professional GPUs, Quadro GPUs, Tesla GPUs, and NVS, any driver version prior to 538.33 is also affected.
As a result, you should update your graphics drivers to 551.61, 474.82, 474.89, or 538.33 depending on your system. 551.61 is the driver most of you will want to upgrade to: it is the latest version of Nvidia’s Game Ready Drivers and Studio drivers and supports all of Nvidia’s current GPUs.
Drivers 474.82 and 474.89 are security updates for GPUs/operating systems Nvidia no longer supports. 474.82 specifically applies to Kepler GPUs while 474.89 applies to any Nvidia GPU that supports Windows 7 and Windows 8/8.1. 538.33 is a driver exclusive to Nvidia professional GPUs.
On the Linux side, any driver versions prior to 550.54.14, 535.161.07, and 470.239.06 are affected by the same vulnerabilities.
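For checking a fleet of Linux hosts against the fixed versions listed above, here is an added example (not from Nvidia or the original article). It assumes each fixed release patches the driver branch that shares its major number, and that a branch with no listed fix is affected unless it is newer than every fixed release; the function names and sample inventory are made up for illustration.

```python
# Fixed Linux driver versions, taken from the article.
# Assumption: each one patches the branch with the same major number.
FIXED_LINUX = [(470, 239, 6), (535, 161, 7), (550, 54, 14)]


def parse_version(text):
    """Turn '535.161.07' into (535, 161, 7); two-part versions get a trailing 0."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a driver version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(installed):
    """Return True if the installed Linux driver predates the fix for its branch."""
    ver = parse_version(installed)
    same_branch = [f for f in FIXED_LINUX if f[0] == ver[0]]
    if same_branch:
        # Compare only against this branch's fix, so a patched 535.x or
        # 470.x driver is not flagged just for being "older than 550".
        return ver < same_branch[0]
    # No fix listed for this branch (assumption): affected unless the
    # driver is newer than every fixed release.
    return ver < max(FIXED_LINUX)


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    inventory = {
        "render-01": "535.154.05",
        "render-02": "535.161.07",
        "legacy-01": "470.223.02",
        "dev-01": "545.29.06",
        "dev-02": "550.54.14",
    }
    for host, version in inventory.items():
        status = "UPDATE NEEDED" if is_affected(version) else "ok"
        print(f"{host}: {version} -> {status}")
```

On a live host the installed version string can be read with `nvidia-smi --query-gpu=driver_version --format=csv,noheader` and passed to `is_affected`.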