NVIDIA GPU Driver OOB Write Leading to Code Exec
CVE-2024-0090 Published on June 13, 2024
CVE
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Weakness Type
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2024-0090 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2024-0090
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-0090 are published in NVIDIA Gpu Driver:
Affected Versions
nvidia GPU display driver, vGPU software, and Cloud Gaming:- Version All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release is affected.
- Before and including 17.1 is affected.
- Before and including 16.5 is affected.
- Before and including 13.10 is affected.
- Before and including 16.5 is affected.
- Before and including 17.1 is affected.
- Before and including 13.10 is affected.
- Before and including 13.10 is affected.
- Before and including 17.1 is affected.
- Before and including 16.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.