Information Disclosure Vulnerability in NVIDIA Unified Memory Driver for Linux
CVE-2024-53869

5.5MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Gpu Display Driver, Vgpu Software
Vendor: CVE Published:; 28 January 2025

Summary

The NVIDIA Unified Memory driver for Linux has a vulnerability that allows attackers to leak uninitialized memory contents. This flaw can lead to unintended information disclosure, potentially exposing sensitive data. Attackers may exploit this weakness to retrieve confidential memory data that should not be accessible. Users of the affected versions should take steps to mitigate this risk and update their drivers to the latest version.

Affected Version(s)

NVIDIA GPU Display Driver, vGPU software R535, R550

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5614

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Nov 22, 2024