NVIDIA Family Security Update Advisory

Overview

NVIDIA (https://www.nvidia.com) has released security updates that address vulnerabilities in its products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-0084, CVE-2024-0099

  • vGPU Software version: ~ 17.1 (inclusive)
  • vGPU Software version: ~ 16.5 (inclusive)
  • vGPU Software version: ~ 13.10 (inclusive)

CVE-2024-0095

  • Triton Inference Server Versions: 20.10 (inclusive) ~ 24.04 (inclusive)

CVE-2024-0089, CVE-2024-0090, CVE-2024-0091

  • vGPU Software (Windows) version: ~ 17.1 (inclusive)
  • vGPU Software (Windows) version: ~ 16.5 (inclusive)
  • vGPU Software (Windows) version: ~ 13.10 (inclusive)

  • Cloud Gaming Software (Windows) version: ~ April 2024 release (inclusive)

CVE-2024-0090, CVE-2024-0091

  • vGPU Software (Linux) version: ~ 17.1 (inclusive)
  • vGPU Software (Linux) version: ~ 16.5 (inclusive)
  • vGPU Software (Linux) version: ~ 13.10 (inclusive)

  • vGPU Software (Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu) version: ~ 17.1 (inclusive)
  • vGPU Software (Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu) version: ~ 16.5 (inclusive)
  • vGPU Software (Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu) version: ~ 13.10 (inclusive)

  • vGPU Software (Azure Stack HCI) version: ~ 17.1 (inclusive)
  • vGPU Software (Azure Stack HCI) version: ~ 16.5 (inclusive)
  • vGPU Software (Azure Stack HCI) version: ~ 13.10 (inclusive)

  • Cloud Gaming Software (Linux) version: ~ April 2024 release (inclusive)
  • Cloud Gaming Software (Red Hat Enterprise Linux KVM, VMware vSphere) version: ~ April 2024 release (inclusive)

Resolved Vulnerabilities

  • NVIDIA vGPU Software for Linux contains a vulnerability in Virtual GPU Manager that could allow a guest OS to execute privileged operations (CVE-2024-0084)
  • NVIDIA vGPU Software for Linux contains a vulnerability in Virtual GPU Manager that could allow a guest OS to cause a buffer overrun on the host (CVE-2024-0099)
  • NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability that could allow a user to inject arbitrary data as new log entries, resulting in the injection of forged logs and executable commands (CVE-2024-0095)
  • A vulnerability in the NVIDIA GPU Display Driver for Windows could allow information from a client or below to be disclosed to other processes (CVE-2024-0089)
  • The NVIDIA GPU driver for Windows and Linux contains a vulnerability that could allow a user to cause out-of-bounds writes (CVE-2024-0090)
  • The NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability that could allow a user to cause an untrusted pointer dereference by executing the driver API (CVE-2024-0091)

Vulnerability Patches

The following product-specific patches were made available in the June 6, 2024 update. For more information on the patches, refer to the “Security Updates” section of the product-specific documentation listed under Referenced Sites.

CVE-2024-0084, CVE-2024-0099

  • vGPU Software version: 17.2
  • vGPU Software version: 16.5
  • vGPU Software version: 13.11

CVE-2024-0089, CVE-2024-0090, CVE-2024-0091

  • vGPU Software (Windows) version: 17.2
  • vGPU Software (Windows) version: 16.6
  • vGPU Software (Windows) version: 13.11

  • Cloud Gaming Software (Windows) version: May 2024 release

CVE-2024-0090, CVE-2024-0091

  • vGPU Software (Linux) version: 17.2
  • vGPU Software (Linux) version: 16.6
  • vGPU Software (Linux) version: 13.11

  • vGPU Software (Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu) version: 17.2
  • vGPU Software (Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu) version: 16.6
  • vGPU Software (Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu) version: 13.11

  • vGPU Software (Azure Stack HCI) version: 17.2
  • vGPU Software (Azure Stack HCI) version: 16.6
  • vGPU Software (Azure Stack HCI) version: 13.11

  • Cloud Gaming Software (Linux) version: May 2024 release
  • Cloud Gaming Software (Red Hat Enterprise Linux KVM, VMware vSphere) version: May 2024 release

The following product-specific patches were made available in the May 29, 2024 update. For more information on the patches, refer to the “Security Updates” section of the product-specific documentation listed under Referenced Sites.

CVE-2024-0095

  • Triton Inference Server version: 24.05

Referenced Sites

[1] CVE-2024-0084 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-0084

[2] CVE-2024-0099 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-0099

[3] NVIDIA GPU Display Driver – June 2024

https://nvidia.custhelp.com/app/answers/detail/a_id/5551

[4] CVE-2024-0095 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-0095

[5] Security Bulletin: Triton Inference Server – May 2024

https://nvidia.custhelp.com/app/answers/detail/a_id/5546

[6] CVE-2024-0089 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-0089

[7] CVE-2024-0090 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-0090

[8] CVE-2024-0091 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-0091