NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page.
Go to NVIDIA Product Security.
This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.
CVE ID | Description | Vector | Base Score | Severity | CWE | Impacts |
---|---|---|---|---|---|---|
CVE-2024-0096 | NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N | 7.5 | High | CWE-269 | Information disclosure, escalation of privileges, data tampering |
CVE-2024-0097 | NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N | 7.5 | High | CWE-269 | Information disclosure, escalation of privileges, data tampering |
CVE-2024-0098 | NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information disclosure. | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | Medium | CWE-319 | Information disclosure |
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.
The following table lists the NVIDIA products affected, versions affected, and the updated version that includes this security update.
Download the update from the ChatRTX Download page to apply the security update.
CVE IDs Addressed | Affected Products | Platform or OS | Affected Versions | Updated Version |
---|---|---|---|---|
CVE-2024-0096 | ||||
CVE-2024-0097 | ||||
CVE-2024-0098 | ChatRTX | Windows | All versions prior to and including 0.2.1 | NVIDIA ChatRTX 0.3 |