NVIDIA GPU Display Driver Vulnerability Affects Windows Users
CVE-2024-0118

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Gpu, Vgpu, And Cloud Gaming
Vendor: CVE Published:; 26 October 2024

Summary

The NVIDIA GPU Display Driver for Windows contains a vulnerability within its user mode layer that allows unprivileged regular users to exploit an out-of-bounds read condition. This exploitation can lead to various adverse outcomes including code execution, which may allow unauthorized access to system functions. Additionally, the vulnerability poses risks of denial of service, privilege escalation, information disclosure, and potential data tampering, affecting the integrity and availability of the system resources.

Affected Version(s)

GPU, vGPU, and Cloud Gaming All versions prior to 17.4, 16.8, and the October 2024 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5586

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 26, 2024
Vulnerability Reserved
Dec 2, 2023