NVIDIA has revealed new GPU driver security issues in their latest bulletin, so here's what you need to know if you're using an NVIDIA GPU on Linux. This was announced February 28th.
To make sure you're not affected by the issues listed below you need to have a driver version at a minimum of either 550.54.14 (released 23rd February), 535.161.07 (released February 22nd) or 470.239.06 (released February 22nd) as all prior versions are affected.
The issues that affect Linux are:
| CVE ID | Description | Severity | CWE | Impacts |
|---|---|---|---|---|
| CVE‑2024‑0074 | NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering. | High | CWE‑788 | Denial of service, data tampering |
| CVE‑2024‑0078 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service. | Medium | CWE‑476 | Denial of service |
| CVE‑2024‑0075 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure. | Medium | CWE-476 | Denial of service, limited information disclosure |
| CVE‑2022‑42265 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause integer overflow, which may lead to denial of service, information disclosure, and data tampering. | Medium | CWE‑190 | Denial of service, information disclosure, and data tampering |
There's also a few issues that affected just Windows too and the NVIDIA Virtual GPU Manager / Driver.
See the full NVIDIA security bulletin for more.
Article taken from GamingOnLinux.com.
Some you may have missed, popular articles from the last month:
9 comments
Linux_Rocks Feb 28
Great job Nvidia. 🙄
3 Likes, Who?
NathanaelKStottlemyer Feb 28
Oh, no! All my old systems are affected. Oh wait, I CAN'T USE THE GRAPHIC CARDS ON MY OLDER SYSTEMS BECAUSE NVIDIA DROPPED SUPPORT FOR THEM!!!
6 Likes, Who?
BlackBloodRum Feb 28
Quoting: NathanaelKStottlemyerOh, no! All my old systems are affected. Oh wait, I CAN'T USE THE GRAPHIC CARDS ON MY OLDER SYSTEMS BECAUSE NVIDIA DROPPED SUPPORT FOR THEM!!!Consider it a bonus.
1 Likes, Who?
NathanaelKStottlemyer Feb 28
Quoting: BlackBloodRumQuoting: NathanaelKStottlemyerOh, no! All my old systems are affected. Oh wait, I CAN'T USE THE GRAPHIC CARDS ON MY OLDER SYSTEMS BECAUSE NVIDIA DROPPED SUPPORT FOR THEM!!!Consider it a bonus.
I just hope the new open source drivers will work on a Quadro laptop GPU.
1 Likes, Who?
Beg your pardon everyone but... Dear god what is wrong with Nvidia? They've not only made a mess lately with all their drivers but now there are security issues too...
I want to change too hard my graphics card really, they're making everything a bloody hell. I'm sorry but I feel really, really frustrated. And I'm tired of how they treat all their entire public.
At least they're honest enough to make sure everyone knows about this mess.
Really, I can't stop to think about getting a job to kick all their messed products.
Last edited by Minux on 28 February 2024 at 9:50 pm UTC
I want to change too hard my graphics card really, they're making everything a bloody hell. I'm sorry but I feel really, really frustrated. And I'm tired of how they treat all their entire public.
At least they're honest enough to make sure everyone knows about this mess.
Really, I can't stop to think about getting a job to kick all their messed products.
Last edited by Minux on 28 February 2024 at 9:50 pm UTC
0 Likes
security issues has been a thing for quite some time for many things. Usually developers get some time to prepare fixes ahead when those issues are discovered and before becoming public. So i dont really see much of a problem with that since all the drivers have been already updated with fixes.
what mess has nvidia made with drivers recently? the drivers have been working flawlessly for me quite some time... i think there where few game regressions with early 535 versions but updated ones fixed those and 545.xx and current 550.xx have been super solid also.
what mess has nvidia made with drivers recently? the drivers have been working flawlessly for me quite some time... i think there where few game regressions with early 535 versions but updated ones fixed those and 545.xx and current 550.xx have been super solid also.
1 Likes, Who?
Quoting: Xpandersecurity issues has been a thing for quite some time for many things. Usually developers get some time to prepare fixes ahead when those issues are discovered and before becoming public. So i dont really see much of a problem with that since all the drivers have been already updated with fixes.
what mess has nvidia made with drivers recently? the drivers have been working flawlessly for me quite some time... i think there where few game regressions with early 535 versions but updated ones fixed those and 545.xx and current 550.xx have been super solid also.
Relating the security part, I'm not blaming them with that. It's obvious that security is a huge part that can affect almost everything, not only Nvidia. I'm just pointing out that there seems to be some issue in almost everything they do with their drivers lately.
If you use x11 you shouldn't have faced any issue. The problem is with Wayland. I've been suffering them and there are a lot of people having too, you can check their forums on the Linux section.
https://forums.developer.nvidia.com/c/gpu-graphics/linux/148
Although 535 was still stable for me, some people already had some then. And they messed enough with them to make playing on Wayland impossible. They were really outdoing themselves for a while, I almost got some hope thinking playing on Wayland as an Nvidia user would be possible.
Last edited by Minux on 28 February 2024 at 11:13 pm UTC
0 Likes
Quoting: MinuxSpoiler, click me
If you use x11 you shouldn't have faced any issue. The problem is with Wayland. I've been suffering them and there are a lot of people having too, you can check their forums on the Linux section.
https://forums.developer.nvidia.com/c/gpu-graphics/linux/148
Although 535 was still stable for me, some people already had some then. And they messed enough with them to make playing on Wayland impossible. They were really outdoing themselves for a while, I almost got some hope thinking playing on Wayland as an Nvidia user would be possible.
Ahh ok, wayland, yeah, but X11 still works perfectly, so why is there sudden rush with wayland? its not even default on most distros yet.. Give it some time.
0 Likes
Vortex_Acherontic Feb 29
Thankfully openSUSE packages the latest driver really quick. Sometimes even before the flatpak runntimes are updated 😅
1 Likes, Who?
Patreon
PayPal
See more from me