NVIDIA has issued a security update for its GPU Display Driver and Virtual GPU (vGPU) software to address multiple vulnerabilities.
The update, released in January 2025, aims to mitigate risks such as information disclosure, denial of service, data tampering, and potential code execution.
Users are strongly advised to install the latest updates via the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal.
Key Vulnerabilities in GPU Display Drivers
The security bulletin highlights several vulnerabilities affecting both Windows and Linux systems. The most critical issues include:
- CVE‑2024‑0150: A buffer overflow vulnerability in the GPU display driver for Windows and Linux. Exploitation could result in information disclosure, denial of service, or data tampering. This issue is rated as high severity with a CVSS score of 7.1.
- CVE‑2024‑0147: A medium-severity vulnerability involving the use of freed memory, which could lead to denial of service or data tampering (CVSS score: 5.5).
- CVE‑2024‑53869: A flaw in the Unified Memory driver for Linux that may allow attackers to leak uninitialized memory, posing an information disclosure risk (CVSS score: 5.5).
Other vulnerabilities, such as CVE‑2024‑0131 and CVE‑2024‑0149, involve denial of service and unauthorized file access but are rated with lower severity levels.
vGPU Software Vulnerabilities
The vGPU software update addresses critical issues that could impact virtualized environments:
- CVE‑2024‑0146: A high-severity vulnerability in the Virtual GPU Manager that could lead to memory corruption, enabling code execution, denial of service, or data tampering (CVSS score: 7.8).
- CVE‑2024‑53881: A medium-severity issue where a guest system can trigger an interrupt storm on the host, potentially causing denial of service.
The vulnerabilities impact multiple driver branches across different product lines, including GeForce, NVIDIA RTX/Quadro/NVS, and Tesla GPUs.
Updated driver versions have been released for both Windows and Linux platforms:
- For Windows systems:
- R570 branch updated to version 572.16.
- R550 branch updated to version 553.62.
- R535 branch updated to version 539.19.
- For Linux systems:
- R570 branch updated to version 570.86.16.
- R550 branch updated to version 550.144.03.
- R535 branch updated to version 535.230.02.
vGPU software updates are also available for Virtual GPU Manager and guest drivers across Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu, and Azure Local environments.
NVIDIA advises users to promptly install the recommended updates to safeguard their systems from potential exploits.
The company also recommends consulting IT professionals to evaluate specific risks based on local configurations.
 software to address multiple vulnerabilities.){kind=link}