NVIDIA GPU Display Driver Vulnerability Could Lead to Code Execution, Data Tampering
CVE-2024-0121

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Gpu, Vgpu, And Cloud Gaming
Vendor: CVE Published:; 26 October 2024

Summary

The NVIDIA GPU Display Driver for Windows contains a vulnerability within its user mode layer, enabling an unprivileged user to perform an out-of-bounds read operation. When exploited, this vulnerability can facilitate unauthorized code execution, disrupt service availability, elevate user privileges, disclose sensitive information, and cause data modifications. Ensuring timely updates and patches for the NVIDIA GPU Display Driver is crucial to mitigate these risks.

Affected Version(s)

GPU, vGPU, and Cloud Gaming All versions prior to 17.4, 16.8, and the October 2024 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5586

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 26, 2024
Vulnerability Reserved
Dec 2, 2023