Security Advisory

NVIDIA Product Security Update Advisory

  • Jan 21 2025

Overview

We have released a security update to fix vulnerabilities in NVIDIA products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2024-0135, CVE-2024-0136, CVE-2024-0137

NVIDIA Container Toolkit Linux Versions: ~ v1.17.0 (incl.)
NVIDIA GPU Operator Linux Version: ~ 24.9.0 (incl.)

 

CVE-2024-0131, CVE-2024-0147, CVE-2024-0150

NVIDIA RTX, Quadro, NVS Windows R550 Version: ~ 553.62 (excluded)
NVIDIA RTX, Quadro, NVS Windows R535 version: ~ 539.19 (excluded)
Tesla Windows R550 version: ~ 553.62 (excluded)
Tesla Windows R535 version: ~ 539.19 (excluded)
Guest driver Winodws version: ~ 17.4 (included), driver: 553.24
Guest driver Winodws version: ~ 16.8 (included), driver: 538.95

 

CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869

GeForce Linux R550 versions: ~ 550.144.03 (excluded)
GeForce Linux R535 versions: ~ 535.230.02 (excluded)
NVIDIA RTX, Quadro, NVS R550 version: ~ 550.144.03 (excluded)
NVIDIA RTX, Quadro, NVS R535 version: ~ 535.230.02 (excluded)
Tesla Linux R550 version: ~ 550.144.03 (excluded)
Tesla Linux R535 version: ~ 535.230.02 (excluded)

 

CVE-2024-0131, CVE-2024-0149, CVE-2024-53869

Guest driver Linux version: ~ 17.4 (included), driver: 550.127.05
Guest driver Linux version: ~ 16.8 (incl.), driver: 535.216.01

 

CVE-2024-0131, CVE-2024-0146, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53881

Virtual GPU Manager Citrix Hypervisor Version: ~ 17.4 (incl.), Driver: 550.127.05
Virtual GPU Manager VMware vSphere Version: ~ 17.4 (incl.), Driver: 550.127.05
Virtual GPU Manager Red Hat Enterprise Linux KVM Version: ~ 17.4 (included), Driver: 550.127.05
Virtual GPU Manager Ubuntu Version: ~ 17.4 (included), Driver: 550.127.05
Virtual GPU Manager Citrix Hypervisor Version: ~ 16.8 (incl.), Driver: 535.216.01
Virtual GPU Manager VMware vSphere Version: ~ 16.8 (incl.), Driver: 535.216.01
Virtual GPU Manager Red Hat Enterprise Linux KVM Version: ~ 16.8 (incl.), Driver: 535.216.01
Virtual GPU Manager Ubuntu Version: ~ 16.8 (included), Driver: 535.216.01
Virtual GPU Manager Azure Local Version: ~ 17.4 (included), Driver: 553.20

 

 

Resolved Vulnerabilities

Vulnerability in NVIDIA GPU kernel drivers (Windows and Linux) that allows user-mode attackers to read buffers with malformed length (CVE-2024-0131)
specially crafted container images could modify host binaries (CVE-2024-0135)
vulnerability in specially crafted container images could allow untrusted code to gain read and write access to host devices (CVE-2024-0136)
vulnerability in specially crafted container images that could allow untrusted code to execute in the host’s namespace (CVE-2024-0137)
Vulnerability in Virtual GPU Manager in NVIDIA vGPU software that could result in memory corruption (CVE-2024-0146)
Vulnerability in the NVIDIA GPU Display Driver (Windows and Linux) referencing freed memory (CVE-2024-0147)
Vulnerability in the NVIDIA GPU Display Driver (Linux) that could allow unauthorized access to files (CVE-2024-0149)
vulnerability to write data beyond the start or end of a buffer (CVE-2024-0150)
Vulnerability in the NVIDIA Unified Memory driver (Linux) that could allow an attacker to disclose information via uninitialized memory access (CVE-2024-53869)
Vulnerability in the host driver in NVIDIA vGPU software that could allow a guest to cause an interrupt storm on the host (CVE-2024-53881)

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-0135, CVE-2024-0136, CVE-2024-0137

NVIDIA Container Toolkit Linux version: v1.17.1
NVIDIA GPU Operator Linux version: 24.9.1

 

CVE-2024-0131, CVE-2024-0147, CVE-2024-0150

NVIDIA RTX, Quadro, NVS Windows R550 Version: 553.62
NVIDIA RTX, Quadro, NVS Windows R535 Version: 539.19
Tesla Windows R550 version: 553.62
Tesla Windows R535 version: 539.19
Guest driver Winodws version: 17.5, driver: 553.62
Guest driver Winodws version: 16.9, driver: 539.19

 

CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869

GeForce Linux R550 Version: 550.144.03
GeForce Linux R535 Version: 535.230.02
NVIDIA RTX, Quadro, NVS R550 Version: 550.144.03
NVIDIA RTX, Quadro, NVS R535 version: 535.230.02
Tesla Linux R550 Version: 550.144.03
Tesla Linux R535 Version: 535.230.02

 

CVE-2024-0131, CVE-2024-0149, CVE-2024-53869

Guest driver Linux version: 17.5, driver: 550.144.03
Guest driver Linux version: 16.9, driver: 535.230.02

 

CVE-2024-0131, CVE-2024-0146, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53881

Virtual GPU Manager Citrix Hypervisor version: 17.5, driver: 550.144.03
Virtual GPU Manager VMware vSphere Version: 17.5, Driver: 550.144.03
Virtual GPU Manager Red Hat Enterprise Linux KVM Version: 17.5, Driver: 550.144.03
Virtual GPU Manager Ubuntu Version: 17.5, Driver: 550.144.03
Virtual GPU Manager Citrix Hypervisor Version: 16.9, Driver: 535.230.02
Virtual GPU Manager VMware vSphere Version: 16.9, Driver: 535.230.02
Virtual GPU Manager Red Hat Enterprise Linux KVM Version: 16.9, Driver: 535.230.02
Virtual GPU Manager Ubuntu Version: 16.9, Driver: 535.230.02
Virtual GPU Manager Azure Local Version: 17.5, Driver: 553.56

 

 

References

[1] Security Bulletin: NVIDIA Container Toolkit – 13 January 2025
https://nvidia.custhelp.com/app/answers/detail/a_id/5599
[2] Security Bulletin: NVIDIA GPU Display Driver – January 2025
https://nvidia.custhelp.com/app/answers/detail/a_id/5614

Tags:

Previous Post

Next Post