Overview
NVIDIA has released updates to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-0101
- Mellanox OS versions: ~ 3.11.1000 (included)
- ONYX version: ~ 3.10.4300 (included) (LTS)
- Skyway version: ~ 8.2.1000 (included)
- Skyway version: ~ 8.1.4300 (included) (LTS)
- MetroX-3 XC version: ~ 18.2.1000 (included)
- MetroX-2 version: ~ 3.11.1000 (included)
CVE-2024-0104
- Mellanox OS version: ~ 3.11.2100 (included) (LTS)
- ONYX version: ~ 3.10.4302 (included) (LTS)
- Skyway version: ~ 8.2.2100 (included)
- MetroX-3 XC version: ~ 18.2.2100 (included)
- MetroX-2 version: ~ 3.11.1000 (included)
CVE-2024-0107
- GeForce Windows versions: ~ 556.12 (excluded)
- GeForce Windows 10, 11 versions: ~ 475.14 (excluded)
- GeForce Windows 7, 8.X versions: ~ 475.14 (excluded)
- NVIDIA RTX/Quadro, NVS Windows versions: ~ 552.74 (excluded)
- NVIDIA RTX/Quadro, NVS Windows version: ~ 538.78 (excluded)
- NVIDIA RTX/Quadro, NVS Windows version: ~ 475.14 (excluded)
- Tesla Windows version: ~ 552.74 (excluded)
- Tesla Windows version: ~ 538.78 (excluded)
- Tesla Windows version: ~ 475.14 (excluded)
- vGPU Software Guest driver Windows version: ~ 17.2 (included)
- vGPU Software Guest driver Windows version: ~ 16.6 (included)
- vGPU Software Guest driver Windows version: ~ 13.11 (included)
- Cloud Gaming Guest driver Windows version: ~ June 2024 release (included)
CVE-2024-0108
- NVIDIA Jetson AGX Xavier series version: ~ 32.7.4 (included)
- NVIDIA Jetson Xavier NX version: ~ 32.7.4 (included)
- NVIDIA Jetson TX2 series versions: ~ 32.7.4 (included)
- NVIDIA Jetson TX2 NX version: ~ 32.7.4 (included)
- NVIDIA Jetson TX1 version: ~ 32.7.4 (included)
- NVIDIA Jetson Nano series versions: ~ 32.7.4 (included)
Resolved Vulnerabilities
Improper ipfilter definition could allow an attacker to attack the switch and cause it to fail (CVE-2024-0101)
Vulnerability in the LDAP AAA component that could allow a user present to cause inappropriate access (CVE-2024-0104)
Vulnerability in the NVIDIA GPU Display Driver for Windows that could allow out-of-bounds reads by unprivileged users (CVE-2024-0107)
NvGPU vulnerability in NVIDIA Jetson Linux where the error handling path in the GPU MMU mapping code fails to clean up failed mapping attempts (CVE-2024-0108)
Vulnerability Patches
The following Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-0101
- Mellanox OS version: 3.11.2002 (LTS)
- ONYX version: 3.10.4402
- Skyway version: 8.2.2000
- Skyway LTS version: 8.1.4400
- MetroX-3 XC version: 18.2.2000
- MetroX-2 version: 3.11.2002
CVE-2024-0104
- Mellanox OS version: 3.11.2202 (LTS)
- ONYX version: 3.10.4402 (LTS)
- Skyway version: 8.2.2202
- MetroX-3 XC version: 18.2.2200
- MetroX-2 version: 3.11.2002
CVE-2024-0107
- GeForce Windows version: 556.12
- GeForce Windows 10, 11 version: 475.14
- GeForce Windows 7, 8.X version: 475.14
- NVIDIA RTX/Quadro, NVS Windows version: 552.74
- NVIDIA RTX/Quadro, NVS Windows version: 538.78
- NVIDIA RTX/Quadro, NVS Windows version: 475.14
- Tesla Windows version: 552.74
- Tesla Windows version: 538.78
- Tesla Windows version: 475.14
- vGPU Software Guest driver Windows version: 17.3
- vGPU Software Guest driver Windows version: 16.7
- vGPU Software Guest driver Windows version: 13.12
- Cloud Gaming Guest driver Windows version: Release June 2024
CVE-2024-0108
- NVIDIA Jetson AGX Xavier series version: 32.75
- NVIDIA Jetson Xavier NX version: 32.75
- NVIDIA Jetson TX2 series version: 32.75
- NVIDIA Jetson TX2 NX version: 32.75
- NVIDIA Jetson TX1 version: 32.75
- NVIDIA Jetson Nano series version: 32.75
Referenced Sites
[1] Security Bulletin: NVIDIA Mellanox OS, ONYX, Skyway, MetroX-3 XC – July 2024
https://nvidia.custhelp.com/app/answers/detail/a_id/5559
[2] Security Bulletin: NVIDIA GPU Display Driver – July 2024
https://nvidia.custhelp.com/app/answers/detail/a_id/5557
[3] Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and JetsonNano (including Jetson Nano 2GB) – July 2024
https://nvidia.custhelp.com/app/answers/detail/a_id/5555
Article Link: NVIDIA Family Security Update Advisory – ASEC