{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0126", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-12-02T00:42:36.775Z", "datePublished": "2024-10-26T08:01:44.000Z", "dateUpdated": "2024-11-01T03:55:23.839Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GPU, vGPU, and Cloud Gaming", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to 17.4, 16.8, and the October 2024 release"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td>NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.</td></tr></tbody></table>"}], "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, denial of service, escalation of privileges, information disclosure, and data tampering"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2024-10-26T08:01:44.000Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "nvidia", "product": "gpu_display_driver", "cpes": ["cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "565", "status": "affected", "lessThan": "566.03", "versionType": "custom"}, {"version": "550", "status": "affected", "lessThan": "553.24", "versionType": "custom"}, {"version": "535", "status": "affected", "lessThan": "538.95", "versionType": "custom"}]}, {"vendor": "nvidia", "product": "gpu_display_driver", "cpes": ["cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:linux:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "565", "status": "affected", "lessThan": "565.57.01", "versionType": "custom"}, {"version": "550", "status": "affected", "lessThan": "550.127.05", "versionType": "custom"}, {"version": "535", "status": "affected", "lessThan": "535.216.01", "versionType": "custom"}]}, {"vendor": "nvidia", "product": "virtual_gpu_manager", "cpes": ["cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "16.8", "versionType": "custom"}, {"version": "17.0", "status": "affected", "lessThan": "17.4", "versionType": "custom"}]}, {"vendor": "nvidia", "product": "cloud_gaming_virtual_gpu", "cpes": ["cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "565.57.01", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-31T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-0126"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-01T03:55:23.839Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0126", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-28T17:29:44.079908Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*"], "vendor": "nvidia", "product": "gpu_display_driver", "versions": [{"status": "affected", "version": "565", "lessThan": "566.03", "versionType": "custom"}, {"status": "affected", "version": "550", "lessThan": "553.24", "versionType": "custom"}, {"status": "affected", "version": "535", "lessThan": "538.95", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:linux:*:*"], "vendor": "nvidia", "product": "gpu_display_driver", "versions": [{"status": "affected", "version": "565", "lessThan": "565.57.01", "versionType": "custom"}, {"status": "affected", "version": "550", "lessThan": "550.127.05", "versionType": "custom"}, {"status": "affected", "version": "535", "lessThan": "535.216.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*"], "vendor": "nvidia", "product": "virtual_gpu_manager", "versions": [{"status": "affected", "version": "0", "lessThan": "16.8", "versionType": "custom"}, {"status": "affected", "version": "17.0", "lessThan": "17.4", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*"], "vendor": "nvidia", "product": "cloud_gaming_virtual_gpu", "versions": [{"status": "affected", "version": "0", "lessThan": "565.57.01", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T17:47:17.407Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, denial of service, escalation of privileges, information disclosure, and data tampering"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "GPU, vGPU, and Cloud Gaming", "versions": [{"status": "affected", "version": "All versions prior to 17.4, 16.8, and the October 2024 release"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td>NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.</td></tr></tbody></table>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2024-10-26T08:01:44.000Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0126", "state": "PUBLISHED", "dateUpdated": "2024-11-01T03:55:23.839Z", "dateReserved": "2023-12-02T00:42:36.775Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2024-10-26T08:01:44.000Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA GPU Display Driver para Windows y Linux contiene una vulnerabilidad que podr\u00eda permitir a un atacante privilegiado escalar permisos. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la denegaci\u00f3n de servicio, la escalada de privilegios, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."}], "id": "CVE-2024-0126", "lastModified": "2024-10-28T13:58:09.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2024-10-26T08:15:03.690", "references": [{"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{"bugzilla": {"description": "nvidia-display-driver: privilege escalation vulnerability", "id": "2321908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321908"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.", "A flaw was found in the NVIDIA GPU Display Driver. A privileged local attacker may be able to exploit this issue to escalate permissions, which can lead to code execution, denial of service, information disclosure, and data tampering."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-0126", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Will not fix", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Will not fix", "package_name": "rhelai1/instructlab-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}], "public_date": "2024-10-26T08:01:44Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-0126\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0126\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5586"], "threat_severity": "Important"}

{}