NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Nvidia
  • Cloud Gaming Virtual Gpu
  • Gpu Display Driver
  • Virtual Gpu Manager

No data.

No data.

References
Link Providers
https://nvd.nist.gov/vuln/detail/CVE-2024-0126 cve-icon
https://nvidia.custhelp.com/app/answers/detail/a_id/5586 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-0126 cve-icon
History

Wed, 30 Oct 2024 01:45:00 +0000

Type Values Removed Values Added
Title nvidia-display-driver: privilege escalation vulnerability
References
Metrics threat_severity

None

 threat_severity

Important

Mon, 28 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia cloud Gaming Virtual Gpu
Nvidia gpu Display Driver
Nvidia virtual Gpu Manager
CPEs cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*
Vendors & Products Nvidia
Nvidia cloud Gaming Virtual Gpu
Nvidia gpu Display Driver
Nvidia virtual Gpu Manager
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 26 Oct 2024 08:15:00 +0000

Type Values Removed Values Added
Description NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2024-10-26T08:01:44.000Z

Updated: 2024-11-01T03:55:23.839Z

Reserved: 2023-12-02T00:42:36.775Z

Link: CVE-2024-0126

cve-icon Vulnrichment

Updated: 2024-10-28T17:47:17.407Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-26T08:15:03.690

Modified: 2024-10-28T13:58:09.230

Link: CVE-2024-0126

cve-icon Redhat

Severity : Important

Publid Date: 2024-10-26T08:01:44Z

Links: CVE-2024-0126 - Bugzilla