NVIDIA has revealed information regarding a series of vulnerabilities in consumer drivers for GPU and VGPU. These vulnerabilities have been addressed in the recently released updates 550.90.07, 535.183.01, and 470.256.02.
The vulnerabilities include:
- CVE-2024-0090: A buffer overflow vulnerability in drivers for Linux and Windows, with a danger level of 7.8 out of 10.
- CVE-2024-0091: A pointer prediction vulnerability in drivers for Linux and Windows, with a danger level of 7.8 out of 10.
- CVE-2024-0093: An information leakage vulnerability in drivers for Linux and Windows, with a danger level of 6.5 out of 10.
- CVE-2024-0092: An exception handling vulnerability in drivers for Linux and Windows, with a danger level of 5.5 out of 10.
- CVE-2024-0089: An information leakage vulnerability specific to Windows drivers, with a danger level of 7.8 out of 10.
- There are also five vulnerabilities in drivers for virtual GPU NVIDIA (VGPU), with three potentially allowing privileged operations on the host system through manipulations in the guest system.
/Reports, release notes, official announcements.