Risk | Low |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2024-0091 CVE-2024-0089 CVE-2024-0090 CVE-2024-0092 |
CWE-ID | CWE-822 CWE-665 CWE-787 CWE-703 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
NVIDIA Windows GPU Display Driver Client/Desktop applications / Virtualization software NVIDIA Linux GPU Display Driver Hardware solutions / Drivers |
Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU91574
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0091
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to untrusted pointer dereference. A local user can execute a driver API to execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: before 555.99
NVIDIA Linux GPU Display Driver: before 555.52.04
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5551
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91573
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0089
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization. A local user can run a specially crafted application to gain access to information from a previous client or another process and execute arbitrary code.
Install updates from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: before 555.99
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5551
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91567
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0090
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local user can trigger an out-of-bounds write and execute arbitrary code with escalated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: before 555.99
NVIDIA Linux GPU Display Driver: before 555.52.04
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5551
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91579
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0092
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an improper check or improper handling of exception conditions. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: before 555.99
NVIDIA Linux GPU Display Driver: before 555.52.04
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5551
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.