Nvidia GPU owners told to update now to patch a range of serious security flaws
Nvidia has released a new patch for its GPU Display Driver for Windows and Linux to fix a handful of rather serious vulnerabilities.
If exploited, the vulnerabilities mostly lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering, which means they are rather serious. Among them is CVE‑2024‑0126, which has a severity score of 8.2 (high severity).
Another six vulnerabilities are scored 7.8, while the final one is scored 7.1. Of the total eight flaws, five affect the Windows ecosystem. They are all user mode layer exploits, in which threat actors could initiate out-of-bound reads and thus execute code remotely. One exploit was for both Windows and Linux.
Smash and grab
The details about the vulnerabilities and how they can be exploited can be found on Nvidia’s security bulletin, here. There was no word of in-the-wild abuse, so we’re guessing crooks haven’t abused these bugs just yet.
However, with Nvidia’s popularity and prevalence, it is now only a matter of time before miscreants start looking for vulnerable endpoints to exploit.