Details
This section summarizes the potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.
NVIDIA GPU Display Driver
CVE ID | Description | Vector | Base Score | Severity | CWE | Impacts |
---|---|---|---|---|---|---|
CVE‑2024‑0150 | NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering. | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | High | CWE‑787 | Information disclosure, denial of service, and data tampering |
CVE‑2024‑0147 | NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | Medium | CWE‑416 | Denial of service, data tampering |
CVE‑2024‑53869 | NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | Medium | CWE‑459 | Information disclosure |
CVE‑2024‑0131 | NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service. | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | Medium | CWE‑805 | Denial of service |
CVE‑2024‑0149 | NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure. | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | Low | CWE‑125 | Information disclosure |
NVIDIA vGPU Software
CVE ID | Description | Vector | Base Score | Severity | CWE | Impacts |
---|---|---|---|---|---|---|
CVE‑2024‑0146 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering. | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | High | CWE‑120 | Code execution, denial of service, information disclosure, data tampering |
CVE‑2024‑53881 | NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service. | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | Medium | CWE‑459 | Denial of service |
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.
Security Updates for NVIDIA GPU Display Driver
CVEs Addressed in Each Windows Driver Branch
The following table lists the CVEs addressed by the update in each Windows driver branch.
Windows Driver Branch | CVEs Addressed |
---|---|
R535, R550, R560, R565, R570 | CVE-2024-0131, CVE-2024-0147, CVE-2024-0150 |
Windows Affected Components, Affected Versions, and Updated Versions
The following table lists the NVIDIA software products affected, Windows driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.
Software Product | Operating System | Driver Branch | Affected Driver Versions | Updated Driver Version |
---|---|---|---|---|
GeForce | Windows | R570 | All driver versions prior to 572.16 | 572.16 |
NVIDIA RTX, Quadro, NVS | Windows | R570 | All driver versions prior to 572.16 | 572.16 |
NVIDIA RTX, Quadro, NVS | Windows | R550 | All driver versions prior to 553.62 | 553.62 |
NVIDIA RTX, Quadro, NVS | Windows | R535 | All driver versions prior to 539.19 | 539.19 |
Tesla | Windows | R570 | All driver versions prior to 572.13 | 572.13 |
Tesla | Windows | R550 | All driver versions prior to 553.62 | 553.62 |
Tesla | Windows | R535 | All driver versions prior to 539.19 | 539.19 |
CVEs Addressed in Each Linux Driver Branch
The following table lists the CVEs addressed by the update in each Linux driver branch.
Linux Driver Branch | CVEs Addressed |
---|---|
R550, R570 | CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869 |
R535 | CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150 |
Linux Affected Components, Affected Versions, and Updated Versions
The following table lists the NVIDIA software products affected, Linux driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.
Software Product | Operating System | Driver Branch | Affected Driver Versions | Updated Driver Version |
---|---|---|---|---|
GeForce | Linux | R570 | All driver versions prior to 570.86.16 | 570.86.16 |
GeForce | Linux | R550 | All driver versions prior to 550.144.03 | 550.144.03 |
GeForce | Linux | R535 | All driver versions prior to 535.230.02 | 535.230.02 |
NVIDIA RTX, Quadro, NVS | Linux | R570 | All driver versions prior to 570.86.16 | 570.86.16 |
NVIDIA RTX, Quadro, NVS | Linux | R550 | All driver versions prior to 550.144.03 | 550.144.03 |
NVIDIA RTX, Quadro, NVS | Linux | R535 | All driver versions prior to 535.230.02 | 535.230.02 |
Tesla | Linux | R570 | All driver versions prior to 570.86.15 | 570.86.15 |
Tesla | Linux | R550 | All driver versions prior to 550.144.03 | 550.144.03 |
Tesla | Linux | R535 | All driver versions prior to 535.230.02 | 535.230.02 |
Notes
- Your computer hardware vendor might provide you with Windows GPU display driver versions including 566.24, 561.21, 553.42, and 539.07, which also contain the security updates.
- The table above might not be a comprehensive list of all affected supported versions or branch releases and might be updated as more information becomes available.
- Earlier software GPU branch releases that support these products might also be affected. If you are using an earlier branch release for which an update version is not listed above, upgrade to the latest branch release.
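One way to check a Linux host against the table above, as an added example that is not NVIDIA's code. The product labels `geforce`, `rtx` and `tesla` and the `NV_PRODUCT` variable are assumptions of this example; the fixed versions are copied from the table.

```bash
#!/usr/bin/env bash
# Added example, not NVIDIA code. Fixed versions are copied from the Linux
# "Updated Driver Version" column of this bulletin.

# fixed_version PRODUCT BRANCH -> first driver version that carries the update.
# PRODUCT is a label chosen for this example: geforce, rtx (RTX/Quadro/NVS), tesla.
fixed_version() {
  case "$1:$2" in
    tesla:570)                     echo 570.86.15 ;;
    geforce:570|rtx:570)           echo 570.86.16 ;;
    geforce:550|rtx:550|tesla:550) echo 550.144.03 ;;
    geforce:535|rtx:535|tesla:535) echo 535.230.02 ;;
    *)                             return 1 ;;
  esac
}

# version_lt A B -> success when A is strictly older than B (needs GNU sort -V).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# check_driver PRODUCT VERSION -> prints patched, affected:<fixed> or unlisted.
# "unlisted" means the branch has no row in the table; the notes above say such
# branches might also be affected and should move to the latest branch release.
check_driver() {
  local product="$1" version="$2" branch fixed
  branch="${version%%.*}"
  if ! fixed="$(fixed_version "$product" "$branch")"; then
    echo "unlisted"
  elif version_lt "$version" "$fixed"; then
    echo "affected:$fixed"
  else
    echo "patched"
  fi
}

# On a host with the driver loaded, check the running version. NV_PRODUCT is an
# environment variable invented for this example (defaults to geforce).
if command -v nvidia-smi >/dev/null 2>&1; then
  ver="$(nvidia-smi --query-gpu=driver_version --format=csv,noheader 2>/dev/null | head -n1)"
  if [ -n "$ver" ]; then
    echo "driver $ver: $(check_driver "${NV_PRODUCT:-geforce}" "$ver")"
  fi
fi
```

The product argument matters for R570, where the Tesla fix (570.86.15) is one build earlier than the GeForce and RTX fix (570.86.16).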
Security Updates for NVIDIA vGPU Software
CVE IDs Addressed in Each Windows vGPU Driver Branch
The following table lists the CVE IDs addressed by the update in each Windows vGPU driver branch.
Windows Driver Branch | CVE IDs Addressed |
---|---|
R550, R535 | CVE‑2024‑0131 |
CVE IDs Addressed in Each Linux vGPU Driver Branch
The following table lists the CVE IDs addressed by the update in each Linux vGPU driver branch.
Linux Driver Branch | CVE IDs Addressed |
---|---|
R550 | CVE-2024-0131, CVE-2024-0149, CVE-2024-53869 |
R535 | CVE-2024-0131, CVE-2024-0149 |
CVE IDs Addressed in Each vGPU Manager Driver Branch
The following table lists the CVE IDs addressed by the update in each vGPU Manager driver branch.
vGPU Manager Driver Branch | CVE IDs Addressed |
---|---|
R550 | CVE-2024-0131, CVE-2024-0146, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53881 |
R535 | CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53881 |
Affected Components, Affected Versions, and Updated Versions
The following table lists NVIDIA vGPU software components affected, versions affected, and the updated version that includes this security update. Download the updates through the NVIDIA Licensing Portal.
CVE IDs Addressed | vGPU Software Component | Operating System | Affected Versions: vGPU Software | Affected Versions: Driver | Updated Version: vGPU Software | Updated Version: Driver |
---|---|---|---|---|---|---|
CVE‑2024‑0131 | Guest driver | Windows | All versions up to and including 17.4 | 553.24 | 17.5 | 553.62 |
CVE‑2024‑0131 | Guest driver | Windows | All versions up to and including 16.8 | 538.95 | 16.9 | 539.19 |
CVE‑2024‑0131, CVE‑2024‑0149, CVE‑2024‑53889 | Guest driver | Linux | All versions up to and including 17.4 | 550.127.05 | 17.5 | 550.144.03 |
CVE‑2024‑0131, CVE‑2024‑0149, CVE‑2024‑53889 | Guest driver | Linux | All versions up to and including 16.8 | 535.216.01 | 16.9 | 535.230.02 |
CVE‑2024‑0131, CVE‑2024‑0146, CVE‑2024‑0147, CVE‑2024‑0149, CVE‑2024‑0150, CVE‑2024‑53881 | Virtual GPU Manager | Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu | All versions up to and including 17.4 | 550.127.06 | 17.5 | 550.144.02 |
CVE‑2024‑0131, CVE‑2024‑0146, CVE‑2024‑0147, CVE‑2024‑0149, CVE‑2024‑0150, CVE‑2024‑53881 | Virtual GPU Manager | Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu | All versions up to and including 16.8 | 535.216.01 | 16.9 | 535.230.02 |
CVE‑2024‑0131, CVE‑2024‑0146, CVE‑2024‑0147, CVE‑2024‑0150, CVE‑2024‑53881 | Virtual GPU Manager | Azure Local | All versions up to and including 17.4 | 553.20 | 17.5 | 553.56 |
Notes:
- The table above might not be a comprehensive list of all affected supported versions or branch releases and might be updated as more information becomes available.
- Earlier software branch releases that support these products might also be affected. If you are using an earlier branch release for which an update version is not listed above, upgrade to the latest branch release.
Mitigations
See Security Updates for NVIDIA GPU Display Driver or Security Updates for NVIDIA vGPU Software for the version to install.
Acknowledgements
NVIDIA thanks the following people for reporting the issues to us:
CVE‑2024‑0131: Xiaochen Zou
CVE‑2024‑0149: Wolfgang Frisch
Get the Most Up to Date Product Security Information
Visit the NVIDIA Product Security page to:
- Subscribe to security bulletin notifications
- See the current list of NVIDIA security bulletins
- Report a potential security issue in any NVIDIA supported product
- Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)
Revision History
Revision | Date | Description |
---|---|---|
1.0 | January 16, 2025 | Initial release |
2.0 | January 21, 2025 | Removed R570 text appearing in document |
3.0 | January 30, 2025 | Added R570 affected product and version information |
Support
If you have any questions about this security bulletin, contact NVIDIA Support.
Frequently Asked Questions (FAQs)
How do I determine which NVIDIA display driver version is currently installed on my PC?
Disclaimer
ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.