CVE-2024-0107

2024-08-0816:57:49

CWE-125

nvidia

www.cve.org

nvidia

display driver

windows

vulnerability

user mode

out-of-bounds read

code execution

denial of service

privilege escalation

information disclosure

data tampering .

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "GPU Display Driver, vGPU Software, Cloud Gaming",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions up to and including the June 2024 release"
      }
    ]
  }
]