Today, January 16th 2025, NVIDIA have revealed multiple security flaws in their GPU drivers, so it's time to get updating again. There's a mixture of issues that affect both Linux and Windows.
Copied below are the security issues announced:
| CVE ID | Description | Impacts |
|---|---|---|
| CVE‑2024‑0150 | NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering. | Information disclosure, denial of service, and data tampering |
| CVE‑2024‑0147 | NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. | Denial of service, data tampering |
| CVE‑2024‑53869 | NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. | Information disclosure |
| CVE‑2024‑0131 | NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service. | Denial of service |
| CVE‑2024‑0149 | NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure. | Information disclosure |
Depending on what driver series you go for, you will need to check what the next version up is that has fixes. NVIDIA listed these Linux driver versions as safe:
- 550.144.03 (released today)
- 535.230.02 (released today)
All driver versions prior to the above are vulnerable to the listed issues.
550.144.03 Linux Changelog:
- Minor bug fixes and improvements
535.230.02 Linux Changelog:
- Updated the kernel module build process to use CONFIG_CC_VERSION_TEXT from the Linux kernel's Kconfig to detect the compiler used to build the kernel. This may help select the correct compiler on systems where the kernel was built with a compiler other than the default one.
- Fixed a bug that prevented kernel modules linked using precompiled kernel interface files from loading on recent Debian systems.
- In linux-next commit 446d0f4849b1, intended to be included in Linux kernel 6.12, output_poll_changed is removed from struct drm_mode_config_funcs. Do not implement the function pointer member when not present to ensure the driver can compile with newer kernels. Populating modes for DRM connectors during hotplug events will not be supported with r535 and kernels containing the relevant commit.
Windows users need at least 553.62 or 539.19.
Source: NVIDIA
Article taken from GamingOnLinux.com.
Some you may have missed, popular articles from the last month:
You can also find comments for this article on social media: Mastodon
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
Patreon
PayPal
An idiots guide to setting up Minecraft on Steam Deck / SteamOS with controller support
How to install extra software, apps and games on SteamOS and Steam Deck
See more from me