Multiple vulnerabilities in NVIDIA GPU display driver for Windows and Linux



Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2024-0091
CVE-2024-0089
CVE-2024-0090
CVE-2024-0092
CWE-ID CWE-822
CWE-665
CWE-787
CWE-703
Exploitation vector Local
Public exploit N/A
Vulnerable software
NVIDIA Windows GPU Display Driver
Client/Desktop applications / Virtualization software

NVIDIA Linux GPU Display Driver
Hardware solutions / Drivers

Vendor nVidia

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Untrusted pointer dereference

EUVDB-ID: #VU91574

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0091

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to untrusted pointer dereference. A local user can execute a driver API to execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 552.55

NVIDIA Linux GPU Display Driver: before 550.90.07

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5551


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Initialization

EUVDB-ID: #VU91573

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0089

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization. A local user can run a specially crafted application to gain access to information from a previous client or another process and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 475.06

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5551


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU91567

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0090

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can trigger an out-of-bounds write and execute arbitrary code with escalated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 475.06

NVIDIA Linux GPU Display Driver: before 470.256.02

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5551


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU91579

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0092

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an improper check or improper handling of exception conditions. A local user can perform a denial of service (DoS)  attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 475.06

NVIDIA Linux GPU Display Driver: before 470.256.02

CPE2.3 External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5551


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###