NVIDIA vGPU Software Vulnerabilities Let Attackers Escalate Privileges Remotely



NVIDIA has released critical security updates for its vGPU software, addressing several vulnerabilities that could potentially lead to serious security breaches.

The vulnerabilities, identified as CVE-2024-0127 and CVE-2024-0128, were found in the GPU kernel driver and Virtual GPU Manager, affecting all supported hypervisors.

We also reported today on a critical NVIDIA security update for its GPU Display Driver that fixes vulnerabilities that could enable remote code execution, privilege escalation, and other serious risks on Windows and Linux systems.

Key Vulnerabilities

  • CVE-2024-0127: This vulnerability exists in the GPU kernel driver of the vGPU Manager. It allows a user of the guest OS to exploit improper input validation, potentially leading to code execution, privilege escalation, data tampering, denial of service, and information disclosure. It has a base score of 7.8, rated as High severity.
  • CVE-2024-0128: Found in the Virtual GPU Manager, this vulnerability allows a guest OS user to access global resources, risking information disclosure and privilege escalation. It carries a base score of 7.1 and is also rated High.


Affected Software and Updates

The vulnerabilities affect various components across different operating systems:

vGPU Software Components

| CVEs Addressed | Component | OS | Affected Versions | Updated Version |
|---|---|---|---|---|
| CVE-2024-0117 to CVE-2024-0121 | Guest driver | Windows | Up to 17.3 (552.74) and 16.7 (538.78) | 17.4 (553.24) and 16.8 (538.95) |
| N/A | Guest driver | Linux | Up to 17.3 (550.90.07) and 16.7 (535.183.06) | 17.4 (550.127.05) and 16.8 (535.216.01) |
| CVE-2024-0126 to CVE-2024-0128 | Virtual GPU Manager | Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu | Up to 17.3 (550.90.05) and 16.7 (535.183.04) | 17.4 (550.127.06) and 16.8 (535.216.01) |
| CVE-2024-0126 to CVE-2024-0128 | Virtual GPU Manager | Azure Stack HCI | Up to 17.3 (552.55) | 17.4 (553.20) |

  • Guest Driver for Windows: Updates are available for versions up to 17.3 and 16.7.
  • Guest Driver for Linux: Updates are available for versions up to 17.3 and 16.7.
  • Virtual GPU Manager: Updates are essential for Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu, and Azure Stack HCI.

Cloud Gaming Software

| CVEs Addressed | Component | OS | Affected Versions | Updated Version |
|---|---|---|---|---|
| CVE-2024-0117 to CVE-2024-0121 | Guest driver | Windows | Up to September 2024 release (560.94) | October 2024 Release (566.03) |
| N/A | Guest driver | Linux | Up to September 2024 release (560.35.03) | October 2024 Release (565.57.01) |
| CVE-2024-0126 to CVE-2024-0128 | Virtual GPU Manager | Red Hat Enterprise Linux KVM, VMware vSphere | Up to September 2024 release (560.35.03) | October 2024 Release (565.57.01) |

Guest Driver for Windows and Linux: Updates required for all versions up to the September 2024 release.

Mitigations and Recommendations

To mitigate these vulnerabilities, NVIDIA recommends users download the latest updates through the NVIDIA Licensing Portal. Users are also encouraged to upgrade any earlier branch releases that may be affected.
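To confirm which hosts still need the update, the following added example (not NVIDIA tooling and not part of the original article) classifies Linux guest driver and Virtual GPU Manager versions against the fixed versions listed in the vGPU table. It assumes the version string is collected per host with `nvidia-smi --query-gpu=driver_version --format=csv,noheader` and that the first version field (550 or 535) identifies the branch; Windows versions are left out because they do not fit that assumption.

```python
# Fixed versions copied from the article's vGPU table (Linux components only).
# Key: (component, branch); the branch is assumed to be the first version field.
FIXED = {
    ("guest-linux", 550): "550.127.05",   # vGPU 17.4
    ("guest-linux", 535): "535.216.01",   # vGPU 16.8
    ("vgpu-manager", 550): "550.127.06",  # vGPU 17.4
    ("vgpu-manager", 535): "535.216.01",  # vGPU 16.8
}

def parse(version):
    """Turn '550.90.07' into (550, 90, 7) so fields compare numerically.

    Plain string comparison ranks '550.90.07' above '550.127.05' and would
    report an unpatched host as patched.
    """
    parts = version.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised driver version: {version!r}")
    return tuple(int(p) for p in parts)

def classify(component, version):
    """Return 'patched', 'vulnerable' or 'unknown-branch' for one host."""
    installed = parse(version)
    fixed = FIXED.get((component, installed[0]))
    if fixed is None:
        # Branch is not in the article's table: flag for review, do not guess.
        return "unknown-branch"
    return "patched" if installed >= parse(fixed) else "vulnerable"

# Constructed inventory: hostnames are made up, and the 470.x entry is a
# constructed out-of-table version used to exercise the unknown-branch path.
INVENTORY = [
    ("vm-render-01", "guest-linux", "550.90.07"),
    ("vm-render-02", "guest-linux", "550.127.05"),
    ("esx-gpu-01", "vgpu-manager", "535.183.04"),
    ("kvm-gpu-02", "vgpu-manager", "550.127.06"),
    ("vm-legacy-03", "guest-linux", "470.256.02"),
]

def report(inventory=INVENTORY):
    """Map each host in the inventory to its patch status."""
    return {host: classify(comp, ver) for host, comp, ver in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```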

NVIDIA thanks Piotr Bania from Cisco Talos for reporting several vulnerabilities (CVE-2024-0117 through CVE-2024-0121), and Maxim Mints and Austin Herring for CVE-2024-0126.

For further details on these updates or to report potential security issues, visit the NVIDIA Product Security page.
