CVE-2024-0079: 
Linux Ubuntu vulnerability analysis and mitigation

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (CVE-2024-0079), where a user in a guest VM can cause a NULL-pointer dereference in the host. The vulnerability was disclosed in February 2024 and affects multiple NVIDIA GPU Display Driver versions across Windows and Linux platforms (NVIDIA Security, NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 Base Score of 6.5 (Medium) and vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially affecting resources beyond the security scope of the vulnerable component (NVIDIA Security).

A successful exploit of this vulnerability may lead to denial of service in the host system. The impact is limited to availability, with no direct impact on confidentiality or integrity (NVIDIA Security).

NVIDIA has released security updates across multiple driver branches to address this vulnerability. For Windows and Linux systems, users should update to the following versions: R550 (551.61), R535 (538.33), and R470 (474.82). For vGPU software, updates are available in versions 16.4 (535.161.05) and 13.10 (470.239.01) (NVIDIA Security).