Drivers are crying out for help: Arm and Nvidia have released patches for a series of 0-day vulnerabilities

Tomcat

Upgrading is the best thing users can do to protect their systems.

Two of the largest companies developing GPUs and other semiconductor components, Arm and Nvidia, urged their customers to install security patches as soon as possible to fix a series of dangerous vulnerabilities in GPU drivers.

U.K.-based Arm has reported an actively exploited zero-day vulnerability in the Mali GPU kernel driver, the software that enables the operating system to interact with the Mali GPU. This vulnerability, identified as CVE-2024-4610, can lead to incorrect processing of GPU video memory, causing crashes, data corruption, or unauthorized access to confidential information. Arm said it has already fixed the bug and strongly recommends that all affected users update their Bifrost and Valhall GPU software.

This isn't the first time researchers have identified problems in Arm's Mali GPU drivers. In October last year, the company acknowledged the existence of another vulnerability (CVE-2023-4211), which allows hackers to access data on devices with a Mali GPU. And even earlier, in 2022, an expert found a bug in the same driver that opened a loophole for hacking the Google Pixel 6.

The American giant Nvidia also reported 10 new serious problems in its GPU drivers for Windows and Linux, as well as in its virtual GPU (vGPU) software. The company urged all users to download and install updated versions as soon as possible to protect their systems from potential cyber attacks.

One of the vulnerabilities discovered in the Nvidia GPU drivers for Windows and Linux, designated CVE-2024-0090, can lead to malicious code execution, denial of service, privilege escalation, data disclosure and corruption. Another bug, CVE-2024-0089, in the Nvidia GPU driver for Windows opens up the possibility of information leaks from previous sessions.

Nvidia also warned that its vGPU software, which allows multiple VMs to use a single physical GPU, has a vulnerability tracked as CVE-2024-0099. Similarly, it leads to data disclosure, modification, privilege escalation, and denial of service.

Two leading companies in the GPU industry almost simultaneously faced the need to close critical security holes in their products. Timely updates are essential to prevent possible damage.
 