NVIDIA Family Security Update Advisory

Overview
 

NVIDIA has released updates to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-0101

  • Mellanox OS versions: ~ 3.11.1000 (included)
  • ONYX version: ~ 3.10.4300 (included) (LTS)
  • Skyway version: ~ 8.2.1000 (included)
  • Skyway version: ~ 8.1.4300 (included) (LTS)
  • MetroX-3 XC version: ~ 18.2.1000 (included)
  • MetroX-2 version: ~ 3.11.1000 (included)

 

CVE-2024-0104

  • Mellanox OS version: ~ 3.11.2100 (included) (LTS)
  • ONYX version: ~ 3.10.4302 (included) (LTS)
  • Skyway version: ~ 8.2.2100 (included)
  • MetroX-3 XC version: ~ 18.2.2100 (included)
  • MetroX-2 version: ~ 3.11.1000 (included)

 

CVE-2024-0107

  • GeForce Windows versions: ~ 556.12 (excluded)
  • GeForce Windows 10, 11 versions: ~ 475.14 (excluded)
  • GeForce Windows 7, 8.X versions: ~ 475.14 (excluded)

 

  • NVIDIA RTX/Quadro, NVS Windows versions: ~ 552.74 (excluded)
  • NVIDIA RTX/Quadro, NVS Windows version: ~ 538.78 (excluded)
  • NVIDIA RTX/Quadro, NVS Windows version: ~ 475.14 (excluded)

 

  • Tesla Windows version: ~ 552.74 (excluded)
  • Tesla Windows version: ~ 538.78 (excluded)
  • Tesla Windows version: ~ 475.14 (excluded)

 

  • vGPU Software Guest driver Windows version: ~ 17.2 (included)
  • vGPU Software Guest driver Windows version: ~ 16.6 (included)
  • vGPU Software Guest driver Windows version: ~ 13.11 (included)

 

  • Cloud Gaming Guest driver Windows version: ~ June 2024 release (included)

 

CVE-2024-0108

  • NVIDIA Jetson AGX Xavier series version: ~ 32.7.4 (included)
  • NVIDIA Jetson Xavier NX version: ~ 32.7.4 (included)
  • NVIDIA Jetson TX2 series versions: ~ 32.7.4 (included)
  • NVIDIA Jetson TX2 NX version: ~ 32.7.4 (included)
  • NVIDIA Jetson TX1 version: ~ 32.7.4 (included)
  • NVIDIA Jetson Nano series versions: ~ 32.7.4 (included)

 

 

Resolved Vulnerabilities

Improper ipfilter definition could allow an attacker to attack the switch and cause it to fail (CVE-2024-0101)
Vulnerability in the LDAP AAA component that could allow a user present to cause inappropriate access (CVE-2024-0104)
Vulnerability in the NVIDIA GPU Display Driver for Windows that could allow out-of-bounds reads by unprivileged users (CVE-2024-0107)
NvGPU vulnerability in NVIDIA Jetson Linux where the error handling path in the GPU MMU mapping code fails to clean up failed mapping attempts (CVE-2024-0108)

 

Vulnerability Patches

The following Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-0101

  • Mellanox OS version: 3.11.2002 (LTS)
  • ONYX version: 3.10.4402
  • Skyway version: 8.2.2000
  • Skyway LTS version: 8.1.4400
  • MetroX-3 XC version: 18.2.2000
  • MetroX-2 version: 3.11.2002

 

CVE-2024-0104

  • Mellanox OS version: 3.11.2202 (LTS)
  • ONYX version: 3.10.4402 (LTS)
  • Skyway version: 8.2.2202
  • MetroX-3 XC version: 18.2.2200
  • MetroX-2 version: 3.11.2002

 

CVE-2024-0107

  • GeForce Windows version: 556.12
  • GeForce Windows 10, 11 version: 475.14
  • GeForce Windows 7, 8.X version: 475.14

 

  • NVIDIA RTX/Quadro, NVS Windows version: 552.74
  • NVIDIA RTX/Quadro, NVS Windows version: 538.78
  • NVIDIA RTX/Quadro, NVS Windows version: 475.14

 

  • Tesla Windows version: 552.74
  • Tesla Windows version: 538.78
  • Tesla Windows version: 475.14

 

  • vGPU Software Guest driver Windows version: 17.3
  • vGPU Software Guest driver Windows version: 16.7
  • vGPU Software Guest driver Windows version: 13.12

 

  • Cloud Gaming Guest driver Windows version: Release June 2024

 

CVE-2024-0108

  • NVIDIA Jetson AGX Xavier series version: 32.75
  • NVIDIA Jetson Xavier NX version: 32.75
  • NVIDIA Jetson TX2 series version: 32.75
  • NVIDIA Jetson TX2 NX version: 32.75
  • NVIDIA Jetson TX1 version: 32.75
  • NVIDIA Jetson Nano series version: 32.75

 

 

Referenced Sites

[1] Security Bulletin: NVIDIA Mellanox OS, ONYX, Skyway, MetroX-3 XC – July 2024

https://nvidia.custhelp.com/app/answers/detail/a_id/5559

[2] Security Bulletin: NVIDIA GPU Display Driver – July 2024

https://nvidia.custhelp.com/app/answers/detail/a_id/5557

[3] Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and JetsonNano (including Jetson Nano 2GB) – July 2024

https://nvidia.custhelp.com/app/answers/detail/a_id/5555

Article Link: NVIDIA Family Security Update Advisory – ASEC