What are the new vulnerabilities reported by NVIDIA and Arm?

NVIDIA and Arm have reported two new vulnerabilities: CVE-2024-4610 and CVE-2024-0090. These vulnerabilities affect GPU kernel drivers and display drivers, posing significant security risks.

Why is it important to address these vulnerabilities?

Addressing these vulnerabilities is crucial because they are either actively exploited or expected to be exploited due to their severity and the widespread use of affected GPUs. Failing to update could result in severe impacts, including unauthorized access, data tampering, and system compromise.

Attack

NVIDIA and Arm advise patching of actively exploited flaws

Q: What is CVE-2024-4610?

CVE-2024-4610 (CVSS Score 7.8) is a zero-day vulnerability in the Mali GPU Kernel Driver affecting all versions of Arm’s Bifrost and Valhall drivers from r34p0 to r40p0. It allows improper GPU memory processing operations, which can be exploited by a local non-privileged user to access already freed memory. This flaw is actively exploited in the wild.

Q: What is CVE-2024-0090?

CVE-2024-0090 (CVSS Score 7.8) is an out-of-bounds write bug in GPU Display Driver and VGPU software that could lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. It affects both Windows and Linux platforms and is expected to be used in attack tooling due to the ubiquity of Nvidia GPUs.

Q: What should users do in response to these vulnerabilities?

Users are strongly advised to upgrade to the latest versions of the Mali GPU Kernel Driver and NVIDIA GPU Display Drivers and VGPU software to mitigate the risks associated with these vulnerabilities.

published: June 11, 2024

Take action: This is not an urgent patch, but if you are using ARM or NVIDIA GPU, it's wise to update the drives quickly. Because it will be exploited and the attackers will find you. They don't care who you are, they just want to profit from you.

Learn More

NVIDIA and Arm have reported a pair of new vulnerabilities and have strongly urged customers to upgrade their products due to active exploitation or expectation for active exploitation.

The vulnerabilities are:

CVE-2024-4610 (CVSS Score 7.8) - Mali GPU Kernel Driver - This zero-day vulnerability affects all versions of Arm’s Bifrost and Valhall drivers, specifically from r34p0 to r40p0. It allows improper GPU memory processing operations, which can be exploited by a local non-privileged user to gain access to already freed memory. The flaw is actively exploited in the wild. Arm advises users to upgrade their drivers to the latest versions if impacted.

CVE-2024-0090 (CVSS Score 7.8) - GPU Display Driver and VGPU Out of Bounds Write - This out-of-bounds write bug could lead to multiple severe impacts, including code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The flaw affects both Windows and Linux platforms. It's expected that due the versatility of the bug and the ubiquity of Nvidia GPUs attackers will use it in attack tooling.

Users are advised to upgrade to the latest versions of the Mali GPU Kernel Driver and NVIDIA GPU Display Drivers and VGPU software.

NVIDIA and Arm advise patching of actively exploited flaws

Read More
Mirai Botnet variant exploits TBK DVR Devices flaw
Windows AFD for WinSock vulnerability exploited by North …
Security researchers warn that a critical Apache HugeGraph …
Progress WhatsUp Gold critical flaw actively attacked
NPM supply chain attack compromises 17 popular React …