Cisco Talos’ Vulnerability Research team has helped to disclose and patch six new vulnerabilities over the past three weeks, including one in a driver that powers certain NVIDIA graphics cards.  

The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an open-source program that allows users to study information using flashcards. The most serious of these issues has a CVSS score of 9.6 out of 10. 

All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website. 

Out-of-bounds read vulnerability in NVIDIA GPU Compiler Driver 

Discovered by Piotr Bania. 

A compiler driver in some NVIDIA graphics cards contains an out-of-bounds read vulnerability that could allow an adversary to read an arbitrary memory region. 

An adversary could exploit TALOS-2024-1956 (CVE-2024-0107) by sending a targeted device a specially crafted executable/shader file, leading to an out-of-bounds read. 

This vulnerability could be triggered from guest machines running virtualization environments to perform a guest-to-host escape — as previously demonstrated in other GPU vulnerabilities like TALOS-2018-0533. 
Support the originator by clicking the read the rest link below.