
Nvidia software updates address security vulnerabilities

Nvidia patched security vulnerabilities in graphics card drivers as well as GPU manager software.

Nvidia released updated drivers and management software at the end of March. The updates address some high-risk security vulnerabilities that the manufacturer has now fixed.

Nvidia has released updated software to address security vulnerabilities, some of which are considered high-risk by the company. The affected software includes graphics card drivers as well as GPU manager software used in server environments. Attackers could potentially exploit these vulnerabilities to execute malicious code or expand their privileges within the system. Administrators are advised to apply the available updates promptly.

Nvidia Graphics Card Drivers With Numerous Security Vulnerabilities

Nvidia has patched 17 security vulnerabilities in the graphics card drivers. Seven are considered high-risk, eight are of moderate risk, and two are of low threat level. Another moderate-risk vulnerability is present in the vGPU software. Not all vulnerabilities affect every driver branch for different GPUs. Nvidia has therefore listed which driver version is currently available for each graphics card in the security advisory.

The most severe vulnerability in the Linux driver could allow attackers to execute injected code, expand their privileges, gain unauthorized access to information, manipulate data, or launch a denial-of-service attack (CVE-2023-0189, CVSS 8.8, high-risk). Similarly, the most severe vulnerability in the Windows driver enables attackers to expand their privileges, access information, manipulate data, and launch a denial-of-service attack (CVE-2023-0184, CVSS 8.8, high-risk). Both vulnerabilities narrowly avoid being rated as critical.

Attackers could potentially trigger a heap-based buffer overflow in Nvidia's Data Center GPU Manager (DCGM) used for managing GPUs in cluster environments, allowing them to manipulate data or launch a denial-of-service attack (CVE-2023-0208, CVSS 8.4, high-risk). Nvidia's developers state in a security advisory that versions prior to 3.1.7 are vulnerable.

According to the advisory, the driver versions 531.41, 528.89, 518.03, 474.30, and 454.14 are currently available for Windows and contain the fixes for these vulnerabilities. For Linux, the fixed versions 530.41.03, 525.105.17, 515.105.01, 470.182.03, and 450.236.01 are available on Nvidia's driver download page. IT administrators can obtain the updated DCGM software version 3.1.7 or later from a different Nvidia website.
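For administrators who want to check a fleet against these numbers, the following added example (not code from Nvidia or from this article) compares installed Linux driver and DCGM versions with the fixed versions listed above. It assumes that the first component of a Linux driver version identifies its branch; the function names and the sample inventory are constructed for illustration, and Windows drivers are left out because that branch rule is only assumed for the Linux numbering.

```python
import re

# Fixed versions as listed in the article above.
LINUX_FIXED = ("530.41.03", "525.105.17", "515.105.01", "470.182.03", "450.236.01")
DCGM_FIXED = "3.1.7"


def parse(version):
    """Turn '525.105.17' into (525, 105, 17); reject non-numeric input."""
    version = version.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", version):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def at_least(installed, fixed):
    """Compare component-wise, padding the shorter version with zeros."""
    a, b = parse(installed), parse(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def check_linux_driver(installed):
    """Return 'patched', 'vulnerable' or 'unlisted-branch' for a Linux driver."""
    branch = parse(installed)[0]  # assumption: first component names the branch
    for fixed in LINUX_FIXED:
        if parse(fixed)[0] == branch:
            return "patched" if at_least(installed, fixed) else "vulnerable"
    # The article gives no fixed version for this branch; check the advisory.
    return "unlisted-branch"


def check_dcgm(installed):
    """DCGM versions prior to 3.1.7 are vulnerable according to the advisory."""
    return "patched" if at_least(installed, DCGM_FIXED) else "vulnerable"


if __name__ == "__main__":
    # Constructed inventory (hostnames and installed versions are made up).
    inventory = [
        ("gpu-node-01", "525.85.12", "3.1.3"),
        ("gpu-node-02", "530.41.03", "3.1.7"),
        ("gpu-node-03", "470.161.03", "2.4.8"),
        ("gpu-node-04", "535.54.03", "3.2.3"),
    ]
    for host, driver, dcgm in inventory:
        print(f"{host}: driver {driver} -> {check_linux_driver(driver)}, "
              f"DCGM {dcgm} -> {check_dcgm(dcgm)}")
```

On a real host, the installed driver version can be read with `nvidia-smi --query-gpu=driver_version --format=csv,noheader` and passed to `check_linux_driver`.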

As some of the security vulnerabilities narrowly miss being classified as critical, users should promptly update their software to the latest version.

About Author

I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.
