CVE-2024-0090 — Out-of-bounds Write in Nvidia Cloud Gaming

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 53.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cloud Gaming Nvidia GPU Display Driver Nvidia Virtual GPU

Timeline

PublishedJun 13

Description

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDnvidia/gpu_display_driver470 — 475.06+7

▶NVDnvidia/virtual_gpu14.0 — 16.6+3

▶NVDnvidia/cloud_gaming< 555.99+1

🔴Vulnerability Details

OSV

CVE-2024-0090: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write↗2024-06-13

▶

CVEList

CVE↗2024-06-13

▶

📋Vendor Advisories

Debian

CVE-2024-0090: nvidia-graphics-drivers - NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user ca...↗2024

▶