NVIDIA GPU Display Driver Vulnerability Could Lead to Code Execution, Data Tampering
CVE-2024-0071

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Gpu Display Driver, Vgpu Driver, Cloud Gaming Driver
Vendor: CVE Published:; 27 March 2024

Summary

The NVIDIA GPU Display Driver for Windows has a vulnerability in the user mode layer that allows unprivileged users to perform an out-of-bounds write. Exploitation of this flaw can lead to various security threats including unauthorized code execution, denial of service scenarios, privilege escalation opportunities, potential information disclosure, and data integrity issues. This vulnerability emphasizes the importance of robust user access controls and timely driver updates to mitigate associated risks.

Affected Version(s)

GPU Display driver, vGPU driver, Cloud Gaming driver All versions prior to and including 16.3, 13.9, and all versions prior to and including the January 2024 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5520

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Dec 2, 2023