CVE-2024-0093 – This vulnerability in NVIDIA GPU software for L... (How to Fix)

Q: What is the severity of CVE-2024-0093?

CVE-2024-0093 has a CVSS score of 6.5 (MEDIUM). This vulnerability in NVIDIA GPU software for Linux allows unauthorized actors to access sensitive information through the GPU driver. It affects Linux systems with NVIDIA GPU drivers installed. Successful exploitation could lead to information disclosure of potentially sensitive data.

📋 TL;DR

This vulnerability in NVIDIA GPU software for Linux allows unauthorized actors to access sensitive information through the GPU driver. It affects Linux systems with NVIDIA GPU drivers installed. Successful exploitation could lead to information disclosure of potentially sensitive data.

💻 Affected Systems

Products:

NVIDIA GPU Display Driver for Linux

Versions: Specific versions not provided in CVE description; check NVIDIA advisory for exact affected versions

Operating Systems: Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Linux systems with NVIDIA GPU drivers. Windows and other OS are not affected based on the description.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive system information or GPU memory contents could be exposed to unauthorized users, potentially revealing credentials, encryption keys, or other confidential data.

🟠

Likely Case

Limited information disclosure of GPU-related data or system information accessible through the GPU driver interface.

🟢

If Mitigated

Minimal impact with proper access controls and isolation preventing unauthorized users from accessing GPU resources.

🌐 Internet-Facing: LOW - This vulnerability requires local access to the system and cannot be exploited remotely over the network.

🏢 Internal Only: MEDIUM - Local users or processes could exploit this to gain unauthorized access to sensitive information on affected systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access to the system and knowledge of the vulnerability. No public exploit code is mentioned in the CVE description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check NVIDIA advisory for specific fixed versions

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5551

Restart Required: Yes

Instructions:

1. Visit NVIDIA advisory URL to identify affected versions. 2. Download and install the latest NVIDIA GPU driver for Linux from NVIDIA's website. 3. Reboot the system to apply the driver update.

🔧 Temporary Workarounds

Restrict GPU Access

linux

Limit access to GPU devices to authorized users only using file permissions

sudo chmod 600 /dev/nvidia*
sudo chown root:video /dev/nvidia*

Disable Unused GPU Features

linux

Disable GPU features not required for your workload to reduce attack surface

Check NVIDIA documentation for feature-specific disable commands

🧯 If You Can't Patch

Implement strict access controls to limit which users can access GPU devices
Isolate GPU workloads to dedicated systems with minimal user access

🔍 How to Verify

Check if Vulnerable:

Check NVIDIA driver version and compare against affected versions in NVIDIA advisory

Check Version:

nvidia-smi --query-gpu=driver_version --format=csv,noheader

Verify Fix Applied:

Verify driver version is updated to a version not listed in the NVIDIA advisory as vulnerable

📡 Detection & Monitoring

Log Indicators:

Unusual GPU access patterns
Failed GPU device access attempts from unauthorized users

Network Indicators:

Not applicable - local vulnerability only

SIEM Query:

Search for unusual access to /dev/nvidia* devices or GPU-related system calls from unauthorized users

📊 Metadata

CVE ID: CVE-2024-0093

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE: CWE-200

Published: June 13, 2024

Last Updated: November 21, 2024

🔗 References

https://nvidia.custhelp.com/app/answers/detail/a_id/5551 Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5551 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0093, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Cloud Gaming by Nvidia

Virtual Gpu by Nvidia

Virtual Gpu by Nvidia

Virtual Gpu by Nvidia

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict GPU Access

Disable Unused GPU Features

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities