NVIDIA released a critical security update for its GPU Display Driver to fix vulnerabilities that could enable remote code execution, privilege escalation, and other serious risks on Windows and Linux systems. Users are strongly advised to update promptly.
The NVIDIA GPU Display Driver is essential software that enables an operating system to communicate with an NVIDIA graphics card, allowing it to handle complex graphics rendering, hardware acceleration, and display management.
It ensures smooth performance in visual tasks like gaming and video editing by supporting graphics APIs like DirectX and OpenGL, optimizing for specific applications, and providing regular updates for enhanced performance and security.
The update, released on October 22, 2024, is designed to mitigate several high-severity vulnerabilities identified in the driver. Updates for vGPU software and Cloud Gaming can be accessed through the NVIDIA Licensing Portal.
Vulnerability Details
The security bulletin highlights several vulnerabilities with varying impacts:
- CVE‑2024‑0126: This vulnerability affects both Windows and Linux versions of the NVIDIA GPU Display Driver. It allows a privileged attacker to escalate permissions, potentially leading to code execution, denial of service, information disclosure, and data tampering. The vulnerability is rated with a CVSS base score of 8.2, categorized as High severity.
- CVE‑2024‑0117 to CVE‑2024‑0121: These vulnerabilities are found in the user mode layer of the Windows driver version. They permit an unprivileged user to cause an out-of-bounds read, which could lead to similar impacts as CVE-2024-0126. Each vulnerability carries a CVSS base score of 7.8 and is rated high severity.
Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo
CVEs Addressed in Each Windows Driver Branch
The following table lists the CVEs addressed by the update in each Windows driver branch:
| Windows Driver Branch | CVEs Addressed |
|---|---|
| R565, R560, R555, R550, R535 | CVE‑2024‑0117, CVE‑2024‑0118, CVE‑2024‑0119, CVE‑2024‑0120, CVE‑2024‑0121, CVE‑2024‑0126 |
Security Updates for NVIDIA GPU Windows Display Driver
The following table lists the affected NVIDIA software products and their updated versions:
| Software Product | Operating System | Driver Branch | Affected Driver Versions | Updated Driver Version |
|---|---|---|---|---|
| GeForce | Windows | R565 | All versions prior to 566.03 | 566.03 |
| NVIDIA RTX, Quadro, NVS | Windows | R565 | All versions prior to 566.03 | 566.03 |
| R550 | All versions prior to 553.24 | 553.24 | ||
| R535 | All versions prior to 538.95 | 538.95 | ||
| Tesla | Windows | R565 | All versions prior to 566.03 | 566.03 |
| R550 | All versions prior to 553.24 | 553.24 | ||
| R535 | All versions prior to 538.95 | 538.95 |
CVEs Addressed in Each Linux Driver Branch
The following table lists the CVEs addressed by the update in each Linux driver branch:
| Linux Driver Branch | CVEs Addressed |
|---|---|
| R565, R550, R535 | CVE‑2024‑0126 |
Affected Components and Updated Versions for Linux
The following table lists affected NVIDIA software products on Linux and their updated versions:
| Software Product | Operating System | Driver Branch | Affected Driver Versions | Updated Driver Version |
|---|---|---|---|---|
| GeForce | Linux | R565 | All versions prior to 565.57.01 | 565.57.01 |
| R550 | All versions prior to 550.127.05 | 550.127.05 | ||
| R535 | All versions prior to 535.216.01 | 535.216.01 | ||
| NVIDIA RTX, Quadro, NVS | Linux | R565 | All versions prior to 565.57.01 | 565.57.01 |
| R550 | All versions prior to 550.127.05 | 550.127.05 | ||
| R535 | All versions prior to 535.216.01 | 535.216.01 | ||
| Tesla | Linux | R550 | All versions prior to 550.127.05 | 550.127.05 |
| R535 | All versions prior to 535.216.01 | 535.216.01 |
NVIDIA urges all users to apply these updates promptly to protect their systems from potential exploits. Users are strongly advised to download and install the update from the NVIDIA Driver Downloads page.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!