7.8

CVE-2024-0090

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Data is provided by the National Vulnerability Database (NVD)
NvidiaGpu Display Driver SwPlatformwindows Version >= 470 < 475.06
   NvidiaGeforce Version-
   NvidiaNvs Version-
   NvidiaQuadro Version-
   NvidiaRtx Version-
   NvidiaStudio Version-
   NvidiaTesla Version-
NvidiaGpu Display Driver SwPlatformwindows Version >= 535 < 538.67
   NvidiaGeforce Version-
   NvidiaNvs Version-
   NvidiaQuadro Version-
   NvidiaRtx Version-
   NvidiaStudio Version-
   NvidiaTesla Version-
NvidiaGpu Display Driver SwPlatformwindows Version >= 550 < 552.55
   NvidiaGeforce Version-
   NvidiaNvs Version-
   NvidiaQuadro Version-
   NvidiaRtx Version-
   NvidiaStudio Version-
   NvidiaTesla Version-
NvidiaGpu Display Driver SwPlatformwindows Version >= 555 < 555.99
   NvidiaGeforce Version-
   NvidiaNvs Version-
   NvidiaQuadro Version-
   NvidiaRtx Version-
   NvidiaStudio Version-
   NvidiaTesla Version-
NvidiaGpu Display Driver SwPlatformlinux Version >= 470 < 470.256.02
   NvidiaGeforce Version-
   NvidiaNvs Version-
   NvidiaQuadro Version-
   NvidiaRtx Version-
   NvidiaTesla Version-
NvidiaGpu Display Driver SwPlatformlinux Version >= 535 < 535.180.01
   NvidiaGeforce Version-
   NvidiaNvs Version-
   NvidiaQuadro Version-
   NvidiaRtx Version-
   NvidiaTesla Version-
NvidiaGpu Display Driver SwPlatformlinux Version >= 550 < 550.90.07
   NvidiaGeforce Version-
   NvidiaNvs Version-
   NvidiaQuadro Version-
   NvidiaRtx Version-
   NvidiaTesla Version-
NvidiaGpu Display Driver SwPlatformlinux Version >= 555 < 555.52.04
   NvidiaGeforce Version-
   NvidiaNvs Version-
   NvidiaQuadro Version-
   NvidiaRtx Version-
   NvidiaTesla Version-
NvidiaVirtual Gpu Version < 13.11
   CanonicalUbuntu Linux Version-
   CitrixHypervisor Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Version >= 14.0 < 16.6
   CanonicalUbuntu Linux Version-
   CitrixHypervisor Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Version >= 17.0 < 17.2
   CanonicalUbuntu Linux Version-
   CitrixHypervisor Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaCloud Gaming Version < 555.99
   MicrosoftWindows Version-
NvidiaCloud Gaming Version < 555.52.04
   LinuxLinux Kernel Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Version < 17.2
   MicrosoftAzure Stack Hci Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.17% 0.388
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@nvidia.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.