NVIDIA GPU Display Driver Vulnerability Could Lead to Code Execution and Other Threats
CVE-2024-0073

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Gpu Display Driver, Vgpu Driver, Cloud Gaming Driver
Vendor: CVE Published:; 27 March 2024

Summary

The NVIDIA GPU Display Driver for Windows exhibits a vulnerability within its kernel mode layer, primarily when executing operations at an inappropriate privilege level. This misconfiguration allows potential attackers to execute arbitrary code, leading to a variety of security threats, including unauthorized privilege escalation, denial of service conditions, potential data tampering, and information disclosure. Users of affected NVIDIA GPU drivers should prioritize applying available patches to safeguard against potential exploitation.

Affected Version(s)

GPU Display driver, vGPU driver, Cloud Gaming driver All versions prior to and including 16.3, 13.9, and all versions prior to and including the January 2024 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5520

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Dec 2, 2023