Nvidia has released a new patch for its GPU Display Driver for Windows and Linux to fix a handful of rather serious vulnerabilities.
If exploited, the vulnerabilities mostly lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering, which means they are rather serious. Among them is CVE‑2024‑0126, which has a severity score of 8.2 (high severity).
Another six vulnerabilities are scored 7.8, while the final one is scored 7.1. Of the total eight flaws, five affect the Windows ecosystem. They are all user mode layer exploits, in which threat actors could initiate out-of-bound reads and thus execute code remotely. One exploit was for both Windows and Linux.
Smash and grab
The details about the vulnerabilities and how they can be exploited can be found on Nvidia’s security bulletin, here. There was no word of in-the-wild abuse, so we’re guessing crooks haven’t abused these bugs just yet.
However, with Nvidia’s popularity and prevalence, it is now only a matter of time before miscreants start looking for vulnerable endpoints to exploit.
GPUs are a popular target among cybercriminals, and not just those built by Nvidia. For example, in September 2023, security researchers warned of a flaw found in GPUs from all major manufacturers, which allowed hackers to read sensitive data displayed in browsers. Furthermore, in June 2024, ARM said it had found vulnerabilities in Bifrost and Valhall GPU kernel drivers being exploited in the wild.
At the time, the vulnerability was two years old, yet many users did not patch it on time.
Running regular updates to both software and hardware is one of the best ways to prevent…
Read full post on Tech Radar