Nvidia issued 10 security alerts detailing vulnerabilities in the company’s GPU drivers and virtualization software. The vulnerabilities, if successfully exploited, could allow attackers to steal or tamper with data, execute arbitrary code, or take control of programs, the company said. Considering Nvidia’s growing prominence in AI data centers, these attacks could cause significant damage.
Nvidia issued security patches addressing vulnerabilities in Nvidia’s display drivers, which powers GPU visuals on computers. The company also patched the drivers and software for the vGPU virtualization software stack, which is used in data centers and cloud services to serve up virtual desktops and applications. Five security vulnerabilities had “high” severity ratings, with the remaining rated “medium.”
Nvidia urged companies to patch up drivers for Linux and Windows PCs and servers affected by the vulnerabilities.
“Applying Nvidia’s patches is crucial to prevent exploits, protect sensitive information, maintain system integrity, and ensure service availability,” says Callie Guenther, senior manager, cyber threat research at Critical Start, in a prepared research note.
Impact on AI
Nvidia’s latest GPUs are increasingly being used to power AI workloads and data centers. The popularity of Nvidia’s chips in AI make it an attractive target for hackers, said Kevin Krewell, a chip analyst at Tirias Research. AI data and models — especially the ones that are not open-sourced — are valuable and could be a target of GPU hacks, Krewell said.
“With Nvidia chips going into more data centers and the rush to deploy new AI stacks, there’s a new opportunity for vulnerabilities to be introduced,” Krewell says.
One of the affected products includes the seven-year-old Tesla GPUs, which are used in the Summit supercomputer (the ninth fastest such system in the world). Google also offers Tesla-based T4 instances to researchers developing AI applications for free via Google Colab. System administrators should pay close attention to patching these older GPUs, which are often ignored and easy targets for hackers to break into server installations. “Unpatched systems are definitely the easier way to break in. The issue is whether the Tesla chips have an inherent security vulnerability,” Krewell said.
“Hardware always lives longer than manufacturers want it to and the older you get the more likely the operating system doesn’t centralize the patch management on them,” says John Bambanek, president at security consulting firm Bambenek Consulting.
Chips Need Timely Patches
Chip makers have to be proactive in patching hardware and software vulnerabilities. Researchers last month published a paper demonstrating theft of data left by inactive processes on FPGAs (field-programmable gate arrays). FPGAs are used for applications that include machine learning in servers, PCs, IoT and telecom edge devices.
Nvidia has a 98% data-center GPU market share in 2023, according to research firm TechInsights. AMD plans to issue an updated driver to take care of data leakage issues in its MI300A and MI300X GPUs, which compete with Nvidia GPUs. Intel also patched a vulnerability in its AI software stack last month.
“AMD and Intel often produce regular reports on vulnerabilities that have been discovered, which can often be corrected by BIOS patches. Tesla GPUs could be patched with new drivers,” Krewell says.
About Author
