NVIDIA Details Alarming Security Threats Fixed In Latest GPU Driver, Update ASAP
The most critical vulnerability fixed in this update is CVE-2024-0150, a high-severity bug in the GPU driver itself. This flaw could enable a local attacker to execute arbitrary code or access data they shouldn't be able to. It requires local access, but the risk is significant for systems used in professional environments where sensitive information is handled. Beyond CVE-2024-0150, NVIDIA addressed four additional issues in the GPU driver, which, while not as severe, still warrant fixing.
Users of NVIDIA's vGPU software should also be on high alert. The update fixes two vulnerabilities here, including CVE-2024-0146. With a CVSS score of 7.8, this is another high-severity flaw that could allow for remote code execution on the host machine from a guest login. In virtualized environments, such exploits can potentially compromise multiple systems, escalating the impact of an attack.
If you're running professional-grade NVIDIA products, you should ensure your driver is updated to the latest release for your branch. NVIDIA's updates are, as always, available on the company's website, but it's worth noting that users of pro-grade hardware are often required to get their drivers through their system vendor or integrator. It's a good idea to reach out to your provider to confirm you're using the latest, secure version.
Even if you think your system isn't a likely target, keeping your drivers up to date is a good habit. Security vulnerabilities don't just impact businesses and enterprises—they can affect any system with outdated software. Professional GPUs are often used in environments with valuable data, making them attractive targets for attackers. Don't leave your system exposed; this is an easy fix that could save you a lot of trouble down the road.
