NVIDIA vGPU Software Vulnerabilities Let Attackers Escalate Privileges Remotely
NVIDIA has released critical security updates for its vGPU software, addressing several vulnerabilities that could potentially lead to serious security breaches.
The vulnerabilities, identified as CVE-2024-0127 and CVE-2024-0128, were found in the GPU kernel driver and Virtual GPU Manager, affecting all supported hypervisors.
We have also reported today on an NVIDIA critical security update for its GPU Display Driver that fixes vulnerabilities which could enable remote code execution, privilege escalation, and other serious risks on Windows and Linux systems.
Key Vulnerabilities
- CVE-2024-0127: This vulnerability exists in the GPU kernel driver of the vGPU Manager. It allows a user of the guest OS to exploit improper input validation, potentially leading to code execution, privilege escalation, data tampering, denial of service, and information disclosure. It has a base score of 7.8, rated as High severity.
- CVE-2024-0128: Found in the Virtual GPU Manager, this vulnerability allows a guest OS user to access global resources, risking information disclosure and privilege escalation. It carries a base score of 7.1 and is also rated High.
Affected Software and Updates
The vulnerabilities affect various components across different operating systems:
vGPU Software Components
CVEs Addressed | Component | OS | Affected Versions | Updated Version |
---|---|---|---|---|
CVE‑2024‑0117 to CVE‑2024‑0121 | Guest driver | Windows | Up to 17.3 (552.74) and 16.7 (538.78) | 17.4 (553.24) and 16.8 (538.95) |
N/A | Guest driver | Linux | Up to 17.3 (550.90.07) and 16.7 (535.183.06) | 17.4 (550.127.05) and 16.8 (535.216.01) |
CVE‑2024‑0126 to CVE‑2024‑0128 | Virtual GPU Manager | Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu | Up to 17.3 (550.90.05) and 16.7 (535.183.04) | 17.4 (550.127.06) and 16.8 (535.216.01) |
CVE‑2024‑0126 to CVE‑2024‑0128 | Virtual GPU Manager | Azure Stack HCI | Up to 17.3 (552.55) | 17.4 (553.20) |
vGPU Software Components
- Guest Driver for Windows: Updates are available for versions up to 17.3 and 16.7.
- Guest Driver for Linux: Updates are available for versions up to 17.3 and 16.7.
- Virtual GPU Manager: Updates are required for Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu, and Azure Stack HCI.
Cloud Gaming Software
CVEs Addressed | Component | OS | Affected Versions | Updated Version |
---|---|---|---|---|
CVE‑2024‑0117 to CVE‑2024‑0121 | Guest driver | Windows | Up to September 2024 release (560.94) | October 2024 Release (566.03) |
N/A | Guest driver | Linux | Up to September 2024 release (560.35.03) | October 2024 Release (565.57.01) |
CVE‑2024‑0126 to CVE‑2024‑0128 | Virtual GPU Manager | Red Hat Enterprise Linux KVM, VMware vSphere | Up to September 2024 release (560.35.03) | October 2024 Release (565.57.01) |
Guest Driver for Windows and Linux: Updates required for all versions up to the September 2024 release.
Mitigations and Recommendations
To mitigate these vulnerabilities, NVIDIA recommends users download the latest updates through the NVIDIA Licensing Portal. Users are also encouraged to upgrade any earlier branch releases that may be affected.
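To find hosts still below the fixed builds in the vGPU Software Components table, the following added example (not NVIDIA's code or part of the original article) audits an inventory of installed driver builds. The component keys, host names and sample inventory are assumptions made for illustration; builds are compared field by field as numbers, because as plain strings 550.90.05 sorts after 550.127.06 and an unpatched host would pass.

```python
# Added example: fixed builds are copied from the vGPU Software Components table;
# component keys, host names and the sample inventory are constructed.
FIXED = {
    # (component, vGPU branch): (first fixed build, CVEs addressed per the table)
    ("guest-windows", "17"): ("553.24", "CVE-2024-0117 to CVE-2024-0121"),
    ("guest-windows", "16"): ("538.95", "CVE-2024-0117 to CVE-2024-0121"),
    ("guest-linux", "17"): ("550.127.05", "N/A"),
    ("guest-linux", "16"): ("535.216.01", "N/A"),
    ("vgpu-manager", "17"): ("550.127.06", "CVE-2024-0126 to CVE-2024-0128"),
    ("vgpu-manager", "16"): ("535.216.01", "CVE-2024-0126 to CVE-2024-0128"),
    ("vgpu-manager-azure-hci", "17"): ("553.20", "CVE-2024-0126 to CVE-2024-0128"),
}


def parse_build(build):
    """Turn '550.90.07' into (550, 90, 7) so fields compare as numbers."""
    parts = build.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised driver build: {build!r}")
    return tuple(int(p) for p in parts)


def audit(inventory):
    """Return one finding per host: (host, status, fixed build, CVEs)."""
    findings = []
    for host, component, branch, build in inventory:
        entry = FIXED.get((component, branch))
        if entry is None:
            # Branch not in the table: needs manual review, not a silent pass.
            findings.append((host, "unlisted-branch", None, None))
            continue
        fixed, cves = entry
        status = "update" if parse_build(build) < parse_build(fixed) else "ok"
        findings.append((host, status, fixed, cves))
    return findings


# Constructed inventory: (host, component, vGPU branch, installed build).
SAMPLE = [
    ("esx-01", "vgpu-manager", "17", "550.90.05"),
    ("kvm-02", "vgpu-manager", "16", "535.216.01"),
    ("vdi-win-07", "guest-windows", "17", "552.74"),
    ("vdi-lin-03", "guest-linux", "17", "550.127.05"),
    ("old-host", "vgpu-manager", "15", "525.1.1"),  # constructed older branch
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live system the installed build can be read with `nvidia-smi --query-gpu=driver_version --format=csv,noheader` and fed into the inventory.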
NVIDIA thanks Piotr Bania from Cisco Talos for reporting several vulnerabilities (CVE‑2024‑0117 through CVE‑2024‑0121), and Maxim Mints and Austin Herring for CVE‑2024‑0126.
For further details on these updates or to report potential security issues, visit the NVIDIA Product Security page.