NVIDIA GPU Display Driver Vulnerability Allows for Code Execution and Other Threats
CVE-2024-0120

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Gpu, Vgpu, And Cloud Gaming
Vendor: CVE Published:; 26 October 2024

What is CVE-2024-0120?

The NVIDIA GPU Display Driver for Windows contains a vulnerability in its user mode layer that allows unprivileged users to exploit an out-of-bounds read. This flaw poses significant security risks including the possibility of unauthorized code execution, potential denial of service, and escalation of privileges. Furthermore, it potentially enables information disclosure and data tampering, which can severely compromise system integrity and user data.

Affected Version(s)

GPU, vGPU, and Cloud Gaming All versions prior to 17.4, 16.8, and the October 2024 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5586

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2024
Vulnerability Reserved
Dec 2, 2023

Nvidia

What is CVE-2024-0120?

Affected Version(s)

References

CVSS V3.1

Timeline