NVIDIA GPU Driver Vulnerability Could Lead to Code Execution, Data Tampering
CVE-2024-0090
7.8HIGH
Key Information:
- Vendor
- Nvidia
- Vendor
- CVE Published:
- 13 June 2024
Summary
The NVIDIA GPU driver for both Windows and Linux has a vulnerability that allows for an out-of-bounds write, which can be triggered by user interaction. This flaw poses significant security risks, as successful exploitation may lead to unauthorized code execution, denial of service, elevation of privileges, unauthorized information access, and potential data manipulation. It is crucial for users and system administrators to remain vigilant regarding updates and patches related to this vulnerability.
Affected Version(s)
GPU display driver, vGPU software, and Cloud Gaming All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved