From www.tomshardware.com

GeForce RTX 4090

(Image credit: Nvidia)

Nvidia has pubslihed a new security bulletin highlighting all of the security vulnerabilities its latest 551.61 Game Ready Driver, 474.82, and 474.89 security drivers issued earlier this month. The security bulletin is quite long, highlighting several vulnerabilities that Nvidia’s older drivers are plagued by. So if you are on an older driver it’s worth updating to the latest Nvidia graphics driver your GPU or operating system supports to keep your system safe from hackers.

Nvidia announced a total of eight security vulnerabilities affecting its older GPU drivers. Most of these flaws surround vulnerabilities in the Windows/Linux kernel, Windows user model layer, memory location in Linux, and Nvidia’s vGPU plugin. These flaws can allow an attacker to execute exploits involving code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Swipe to scroll horizontally

Security Bulletin: NVIDIA GPU Display Driver – February 2024
CVE IDDescriptionSeverity
Nvidia GPU Display Driver:Row 1 – Cell 1 Row 1 – Cell 2
CVE‑2024‑0071NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.High
CVE‑2024‑0073NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.High
CVE‑2024‑0074NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.High
CVE‑2024‑0078NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.Medium
CVE‑2024‑0075NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure.Medium
CVE‑2022‑42265NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause integer overflow, which may lead to denial of service, information disclosure, and data tampering.Medium
Nvidia VGPU Software:Row 8 – Cell 1 Row 8 – Cell 2
CVE‑2024‑0077NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.High
CVE‑024‑0079NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service.Medium

All of these security vulnerabilities affect Nvidia driver versions prior to the latest Game Ready driver 551.6.1, and prior to the latest security drivers for older operating systems and GPUs — 474.82 and 474.89. For Nvidia RTX professional GPUs, Quadro GPUs, Tesla GPUs, and NVS, any driver version prior to 538.33 is also affected.

As a result, you should update your graphics drivers to 551.61, 474.82, 474.89, or 538.33 depending on your system. 551.61 is the driver most of you will want to upgrade to, this is the latest version of Nvidia’s Game Ready Drivers and Studio drivers that supports all of Nvidia’s current GPUs.

Drivers 474.82 and 474.89 are security updates for GPUs/operating systems Nvidia no longer supports. 474.82 specifically applies to Kepler GPUs while 474.89 applies to any Nvidia GPU that supports Windows 7 and Windows 8/8.1. 538.33 is a driver exclusive to Nvidia professional GPUs.

On the Linux side, any driver versions prior to 550.54.14, 535.161.07, 470.239.06, 550.54.14, 535.161.07, 470.239.06, 550.54.14, 535.161.07, 470.239.06 are affected by the same vulnerabilities.

Join the experts who read Tom’s Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We’ll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.

Aaron Klotz is a freelance writer for Tom’s Hardware US, covering news topics related to computer hardware such as CPUs, and graphics cards.

[ For more curated Computing news, check out the main news page here]

The post Nvidia publishes eight security flaws patched by new drivers — update to fix the issues | Tom’s Hardware first appeared on www.tomshardware.com

New reasons to get excited everyday.



Get the latest tech news delivered right in your mailbox

You may also like

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments

More in computing