NVIDIA has released urgent security patches addressing eight vulnerabilities in its GPU drivers and virtual GPU software that affect both Windows and Linux systems. The January 16 update targets multiple security flaws that could enable attackers with local access to execute malicious code, steal data, or crash affected systems. Two high-severity vulnerabilities stand out among the patches. The first (CVE-2024-0150) involves a buffer overflow in the GPU display driver that could lead to system compromise through data tampering and information disclosure. The second critical issue (CVE-2024-0146) affects the virtual GPU Manager, where a compromised guest system could trigger memory corruption, potentially leading to code execution and system takeover. For Windows systems, users must update to version 553.62 (R550 branch) or 539.19 (R535 branch). Linux users need to install version 550.144.03 or 535.230.02, depending on their driver branch.

The updates cover NVIDIA's RTX, Quadro, NVS, and Tesla product lines. Enterprise environments using NVIDIA's virtualization technology face additional risks. One vulnerability (CVE-2024-53881) allows guest systems to launch interrupt storms against host machines, potentially causing system-wide outages. To patch these security holes, virtual GPU software users must update to version 17.5 (550.144.02) or 16.9 (535.230.02). The vulnerabilities specifically target systems where attackers have local access, which means remote exploitation is unlikely. However, in virtualized environments where multiple users share GPU resources, these flaws pose a significant security risk. System administrators can download the security updates from NVIDIA's Driver Downloads page, while enterprise vGPU customers should obtain patches through the NVIDIA Licensing Portal. NVIDIA recommends immediate installation of these updates across all affected systems.