Security Advisory

NVIDIA Family Security Update Advisory

  • Aug 09 2024

Overview
 

NVIDIA has released updates to fix vulnerabilities in their family of products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-0101

  • Mellanox OS versions: ~ 3.11.1000 (included)
  • ONYX version: ~ 3.10.4300 (included) (LTS)
  • Skyway version: ~ 8.2.1000 (included)
  • Skyway version: ~ 8.1.4300 (included) (LTS)
  • MetroX-3 XC version: ~ 18.2.1000 (included)
  • MetroX-2 version: ~ 3.11.1000 (included)

 

CVE-2024-0104

  • Mellanox OS version: ~ 3.11.2100 (included) (LTS)
  • ONYX version: ~ 3.10.4302 (included) (LTS)
  • Skyway version: ~ 8.2.2100 (included)
  • MetroX-3 XC version: ~ 18.2.2100 (included)
  • MetroX-2 version: ~ 3.11.1000 (included)

 

CVE-2024-0107

  • GeForce Windows versions: ~ 556.12 (excluded)
  • GeForce Windows 10, 11 versions: ~ 475.14 (excluded)
  • GeForce Windows 7, 8.X versions: ~ 475.14 (excluded)

 

  • NVIDIA RTX/Quadro, NVS Windows versions: ~ 552.74 (excluded)
  • NVIDIA RTX/Quadro, NVS Windows versions: ~ 538.78 (excluded)
  • NVIDIA RTX/Quadro, NVS Windows versions: ~ 475.14 (excluded)

 

  • Tesla Windows versions: ~ 552.74 (excluded)
  • Tesla Windows versions: ~ 538.78 (excluded)
  • Tesla Windows versions: ~ 475.14 (excluded)

 

  • vGPU Software Guest driver Windows versions: ~ 17.2 (included)
  • vGPU Software Guest driver Windows versions: ~ 16.6 (included)
  • vGPU Software Guest driver Windows versions: ~ 13.11 (included)

 

  • Cloud Gaming Guest driver Windows versions: ~ June 2024 release (included)

 

CVE-2024-0108

  • NVIDIA Jetson AGX Xavier series versions: ~ 32.7.4 (included)
  • NVIDIA Jetson Xavier NX versions: ~ 32.7.4 (included)
  • NVIDIA Jetson TX2 series versions: ~ 32.7.4 (included)
  • NVIDIA Jetson TX2 NX versions: ~ 32.7.4 (included)
  • NVIDIA Jetson TX1 versions: ~ 32.7.4 (included)
  • NVIDIA Jetson Nano series versions: ~ 32.7.4 (included)

 

CVE-2024-0113

  • Mellanox OS versions: ~ 3.11.4000 (included)
  • Mellanox OS versions: ~ 3.11.2200 (included) (LTS)
  • Mellanox OS versions: ~ 3.10.4400 (included) (LTS)

 

  • ONYX versions: ~ 3.10.4400 (included) (LTS)

 

  • Skyway versions: ~ 8.2.2200 (included)
  • Skyway versions: ~ 8.1.4400 (included) (LTS)

 

  • MetroX-3 XC versions: ~ 18.2.2200 (included)
  • MetroX-2 versions: ~ 3.11.4000 (included)

 

 

Resolved Vulnerabilities

Improper ipfilter definition could allow an attacker to attack the switch and cause it to fail (CVE-2024-0101)

Vulnerability in the LDAP AAA component that could allow a user present to cause inappropriate access (CVE-2024-0104)

Vulnerability in the NVIDIA GPU Display Driver for Windows that could allow out-of-bounds reads by unprivileged users (CVE-2024-0107)

NvGPU vulnerability in NVIDIA Jetson Linux where the error handling path in the GPU MMU mapping code does not clean up failed mapping attempts (CVE-2024-0108)

Vulnerability in NvGPU that could allow an attacker to cause a CGI path traversal with a specially crafted URI, resulting in privilege escalation and information disclosure (CVE-2024-0113)

 

Vulnerability Patches

The following Vulnerability Patches are available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-0101

  • Mellanox OS version: 3.11.2002 (LTS)
  • ONYX version: 3.10.4402
  • Skyway version: 8.2.2000
  • Skyway LTS version: 8.1.4400
  • MetroX-3 XC version: 18.2.2000
  • MetroX-2 version: 3.11.2002

 

CVE-2024-0104

  • Mellanox OS version: 3.11.2202 (LTS)
  • ONYX version: 3.10.4402 (LTS)
  • Skyway version: 8.2.2202
  • MetroX-3 XC version: 18.2.2200
  • MetroX-2 version: 3.11.2002

 

CVE-2024-0107

  • GeForce Windows version: 556.12
  • GeForce Windows 10, 11 version: 475.14
  • GeForce Windows 7, 8.X version: 475.14

 

  • NVIDIA RTX/Quadro, NVS Windows version: 552.74
  • NVIDIA RTX/Quadro, NVS Windows version: 538.78
  • NVIDIA RTX/Quadro, NVS Windows version: 475.14

 

  • Tesla Windows version: 552.74
  • Tesla Windows version: 538.78
  • Tesla Windows version: 475.14

 

  • vGPU Software Guest driver Windows version: 17.3
  • vGPU Software Guest driver Windows version: 16.7
  • vGPU Software Guest driver Windows version: 13.12

 

  • Cloud Gaming Guest driver Windows version: Coming June 2024

 

CVE-2024-0108

  • NVIDIA Jetson AGX Xavier series version: 32.75
  • NVIDIA Jetson Xavier NX version: 32.75
  • NVIDIA Jetson TX2 series version: 32.75
  • NVIDIA Jetson TX2 NX version: 32.75
  • NVIDIA Jetson TX1 version: 32.75
  • NVIDIA Jetson Nano series version: 32.75

 

CVE-2024-0113

  • Mellanox OS version: 3.12.1002
  • Mellanox OS version: 3.11.2302 (LTS)
  • Mellanox OS version: 3.10.4500 (LTS)

 

  • ONYX version: 3.10.4504 (LTS)

 

  • Skyway version: 8.2.2300
  • Skyway version: 8.1.4500 (LTS)

 

  • MetroX-3 XC version: 18.2.2300
  • MetroX-2 version: 3.12.1002

 

Referenced Sites

[1] Security Bulletin: NVIDIA Mellanox OS, ONYX, Skyway, MetroX-3 XC – July 2024

https://nvidia.custhelp.com/app/answers/detail/a_id/5559

[2] Security Bulletin: NVIDIA GPU Display Driver – July 2024

https://nvidia.custhelp.com/app/answers/detail/a_id/5557

[3] Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and JetsonNano (including Jetson Nano 2GB) – July 2024

https://nvidia.custhelp.com/app/answers/detail/a_id/5555

[4] Security Bulletin: NVIDIA Mellanox OS, ONYX, Skyway, MetroX – August 2024

https://nvidia.custhelp.com/app/answers/detail/a_id/5563

Tags:

Previous Post

Next Post