Multiple vulnerabilities in NVIDIA GPU display driver for Windows and Linux



Published: 2024-06-10
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2024-0091
CVE-2024-0089
CVE-2024-0090
CVE-2024-0092
CWE-ID CWE-822
CWE-665
CWE-787
CWE-703
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
NVIDIA Windows GPU Display Driver
Client/Desktop applications / Virtualization software

NVIDIA Linux GPU Display Driver
Hardware solutions / Drivers

Vendor

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Untrusted pointer dereference

EUVDB-ID: #VU91574

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0091

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to untrusted pointer dereference. A local user can execute a driver API to execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 555.99

NVIDIA Linux GPU Display Driver: before 555.52.04

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5551


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Initialization

EUVDB-ID: #VU91573

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0089

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization. A local user can run a specially crafted application to gain access to information from a previous client or another process and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 555.99

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5551


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU91567

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0090

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can trigger an out-of-bounds write and execute arbitrary code with escalated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 555.99

NVIDIA Linux GPU Display Driver: before 555.52.04

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5551


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU91579

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0092

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an improper check or improper handling of exception conditions. A local user can perform a denial of service (DoS)  attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 555.99

NVIDIA Linux GPU Display Driver: before 555.52.04

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5551


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###