Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-0127 (GCVE-0-2024-0127)
Vulnerability from cvelistv5 – Published: 2024-10-26 08:10 – Updated: 2024-11-01 03:55
VLAI
EPSS
Summary
NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Severity
7.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | vGPU and Cloud Gaming |
Affected:
All versions prior to 17.4, 16.8, and the October 2024 release
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "virtual_gpu_manager",
"vendor": "nvidia",
"versions": [
{
"lessThan": "16.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cloud_gaming_virtual_gpu",
"vendor": "nvidia",
"versions": [
{
"lessThan": "565.57.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T03:55:29.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vGPU and Cloud Gaming",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 17.4, 16.8, and the October 2024 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.\u003c/span\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\n\n\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution, escalation of privileges, data tampering, denial of service, and information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-26T08:10:56.367Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0127",
"datePublished": "2024-10-26T08:10:56.367Z",
"dateReserved": "2023-12-02T00:42:37.579Z",
"dateUpdated": "2024-11-01T03:55:29.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-0127",
"date": "2026-05-26",
"epss": "0.00074",
"percentile": "0.22113"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-0127\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2024-10-26T09:15:02.957\",\"lastModified\":\"2024-10-28T13:58:09.230\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.\"},{\"lang\":\"es\",\"value\":\"El software NVIDIA vGPU contiene una vulnerabilidad en el controlador del n\u00facleo de la GPU del administrador de vGPU para todos los hipervisores compatibles, donde un usuario del sistema operativo invitado puede provocar una validaci\u00f3n de entrada incorrecta al comprometer el n\u00facleo del sistema operativo invitado. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la escalada de privilegios, la manipulaci\u00f3n de datos, la denegaci\u00f3n de servicio y la divulgaci\u00f3n de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5586\",\"source\":\"psirt@nvidia.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0127\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-28T16:54:18.709074Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*\"], \"vendor\": \"nvidia\", \"product\": \"virtual_gpu_manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"16.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"17.0\", \"lessThan\": \"17.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*\"], \"vendor\": \"nvidia\", \"product\": \"cloud_gaming_virtual_gpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"565.57.01\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-28T16:55:51.367Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Code execution, escalation of privileges, data tampering, denial of service, and information disclosure\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NVIDIA\", \"product\": \"vGPU and Cloud Gaming\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions prior to 17.4, 16.8, and the October 2024 release\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5586\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.\u003c/span\u003e\\n\\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\\n\\n\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"shortName\": \"nvidia\", \"dateUpdated\": \"2024-10-26T08:10:56.367Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-0127\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-01T03:55:29.744Z\", \"dateReserved\": \"2023-12-02T00:42:37.579Z\", \"assignerOrgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"datePublished\": \"2024-10-26T08:10:56.367Z\", \"assignerShortName\": \"nvidia\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
BDU:2024-09488
Vulnerability from fstec - Published: 22.10.2024
VLAI
Title
Уязвимость драйвера виртуальных графических процессоров NVIDIA Virtual GPU, связанная с недостаточной проверкой входных данных, позволяющая нарушителю повысить свои привилегии, выполнить произвольный код или вызвать отказ в обслуживании
Description
Уязвимость компонента NVIDIA Virtual GPU Manager драйвера виртуальных графических процессоров NVIDIA Virtual GPU связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии, выполнить произвольный код или вызвать отказ в обслуживании
Severity
Vendor
ООО «Ред Софт», Novell Inc., NVIDIA Corp.
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Suse Linux Enterprise Server, SUSE Manager Retail Branch Server, SUSE Manager Proxy, SUSE Manager Server, SUSE Linux Enterprise High Performance Computing, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Micro, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, vGPU, Cloud Gaming Virtual GPU Manager, SUSE Linux Micro
Software Version
7.3 (РЕД ОС), 15 SP4 (Suse Linux Enterprise Server), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Basesystem), 5.3 (SUSE Linux Enterprise Micro), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 5.4 (SUSE Linux Enterprise Micro), 5.5 (SUSE Linux Enterprise Micro), 15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15 SP6 (SUSE Linux Enterprise Module for Basesystem), 15.6 (OpenSUSE Leap), до 550.127.06 (vGPU), до 535.216.01 (vGPU), до 553.20 (vGPU), до 565.57.01 (Cloud Gaming Virtual GPU Manager), 15 SP5-LTSS (Suse Linux Enterprise Server), 15 SP5-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP5-ESPOS (SUSE Linux Enterprise High Performance Computing), LTS 4.3 (SUSE Manager Proxy), LTS 4.3 (SUSE Manager Retail Branch Server), LTS 4.3 (SUSE Manager Server), 6.0 (SUSE Linux Micro), 6.1 (SUSE Linux Micro)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для NVIDIA:
https://nvidia.custhelp.com/app/answers/detail/a_id/5586
Для
РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2024-0127.html
Reference
https://nvidia.custhelp.com/app/answers/detail/a_id/5586
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://www.suse.com/security/cve/CVE-2024-0127.html
CWE
CWE-20
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Novell Inc., NVIDIA Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 15 SP4 (Suse Linux Enterprise Server), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Basesystem), 5.3 (SUSE Linux Enterprise Micro), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 5.4 (SUSE Linux Enterprise Micro), 5.5 (SUSE Linux Enterprise Micro), 15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15 SP6 (SUSE Linux Enterprise Module for Basesystem), 15.6 (OpenSUSE Leap), \u0434\u043e 550.127.06 (vGPU), \u0434\u043e 535.216.01 (vGPU), \u0434\u043e 553.20 (vGPU), \u0434\u043e 565.57.01 (Cloud Gaming Virtual GPU Manager), 15 SP5-LTSS (Suse Linux Enterprise Server), 15 SP5-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP5-ESPOS (SUSE Linux Enterprise High Performance Computing), LTS 4.3 (SUSE Manager Proxy), LTS 4.3 (SUSE Manager Retail Branch Server), LTS 4.3 (SUSE Manager Server), 6.0 (SUSE Linux Micro), 6.1 (SUSE Linux Micro)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f NVIDIA:\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5586\n\n\u0414\u043b\u044f \n\n\u0420\u0435\u0434\u041e\u0421: \n\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2024-0127.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.10.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.11.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-09488",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-0127",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Suse Linux Enterprise Server, SUSE Manager Retail Branch Server, SUSE Manager Proxy, SUSE Manager Server, SUSE Linux Enterprise High Performance Computing, SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Micro, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, vGPU, Cloud Gaming Virtual GPU Manager, SUSE Linux Micro",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu - , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS , Novell Inc. Suse Linux Enterprise Desktop 15 SP6 , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 , Novell Inc. OpenSUSE Leap 15.6 , VMware Inc. VMware vSphere - , Red Hat Inc. Red Hat Enterprise Linux KVM - , Microsoft Corp Azure Stack HCI - , Novell Inc. Suse Linux Enterprise Server 15 SP5-LTSS , Novell Inc. SUSE Linux Micro 6.0 , Novell Inc. SUSE Linux Micro 6.1 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 NVIDIA Virtual GPU, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 NVIDIA Virtual GPU Manager \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 NVIDIA Virtual GPU \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586\n\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://www.suse.com/security/cve/CVE-2024-0127.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
FKIE_CVE-2024-0127
Vulnerability from fkie_nvd - Published: 2024-10-26 09:15 - Updated: 2026-04-15 00:35
Severity
Summary
NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure."
},
{
"lang": "es",
"value": "El software NVIDIA vGPU contiene una vulnerabilidad en el controlador del n\u00facleo de la GPU del administrador de vGPU para todos los hipervisores compatibles, donde un usuario del sistema operativo invitado puede provocar una validaci\u00f3n de entrada incorrecta al comprometer el n\u00facleo del sistema operativo invitado. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la escalada de privilegios, la manipulaci\u00f3n de datos, la denegaci\u00f3n de servicio y la divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2024-0127",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
},
"published": "2024-10-26T09:15:02.957",
"references": [
{
"source": "psirt@nvidia.com",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}
GHSA-WP3J-HRJF-2G38
Vulnerability from github – Published: 2024-10-26 09:30 – Updated: 2024-10-26 09:30
VLAI
Details
NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2024-0127"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-26T09:15:02Z",
"severity": "HIGH"
},
"details": "NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.",
"id": "GHSA-wp3j-hrjf-2g38",
"modified": "2024-10-26T09:30:43Z",
"published": "2024-10-26T09:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0127"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2024-0127
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2024-0127",
"id": "GSD-2024-0127"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-0127"
],
"id": "GSD-2024-0127",
"modified": "2023-12-13T01:21:42.535899Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-0127",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
WID-SEC-W-2024-3255
Vulnerability from csaf_certbund - Published: 2024-10-22 22:00 - Updated: 2024-12-15 23:00Summary
Nvidia Treiber: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: NVidia ist ein Hersteller von Grafikkarten.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Nvidia Treibern ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme: - Linux
- Windows
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern existiert eine Schwachstelle aufgrund einer ungenügenden Eingabeüberprüfung. Ein lokaler privilegierter Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Nvidia Treiber Linux <565.57.01
Nvidia / Treiber
|
Linux <565.57.01 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Linux <535.216.01
Nvidia / Treiber
|
Linux <535.216.01 | ||
|
Nvidia Treiber Linux <550.127.05
Nvidia / Treiber
|
Linux <550.127.05 | ||
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
Die NVIDIA vGPU Software enthält eine Sicherheitslücke im GPU-Kernel-Treiber des vGPU Managers für alle unterstützten Hypervisoren. Diese besteht aufgrund einer ungenügenden Eingabevalidierung, wodurch der Kernel des Gastbetriebssystems kompromittiert werden kann. Ein am Gastsystem angemeldeter Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Nvidia Treiber Linux <565.57.01
Nvidia / Treiber
|
Linux <565.57.01 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Linux <535.216.01
Nvidia / Treiber
|
Linux <535.216.01 | ||
|
Nvidia Treiber Linux <550.127.05
Nvidia / Treiber
|
Linux <550.127.05 | ||
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
Die NVIDIA vGPU Software enthält eine Schwachstelle im Virtual GPU Manager. Diese besteht aufgrund einer falschen Berechtigungszuweisung für kritische Ressourcen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Informationen ofenzulegen oder Daten zu manipulieren.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Nvidia Treiber Linux <565.57.01
Nvidia / Treiber
|
Linux <565.57.01 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Linux <535.216.01
Nvidia / Treiber
|
Linux <535.216.01 | ||
|
Nvidia Treiber Linux <550.127.05
Nvidia / Treiber
|
Linux <550.127.05 | ||
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "NVidia ist ein Hersteller von Grafikkarten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Nvidia Treibern ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3255 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3255.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3255 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3255"
},
{
"category": "external",
"summary": "NVIDIA GPU Display Drivers Advisory - October 2024 vom 2024-10-22",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-401 vom 2024-10-24",
"url": "https://www.dell.com/support/kbdoc/de-de/000228639/dsa-2024-401"
},
{
"category": "external",
"summary": "Lenovo Security Advisory LEN-173640 vom 2024-11-13",
"url": "https://support.lenovo.com/us/en/product_security/LEN-173640"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBHF03990 vom 2024-11-26",
"url": "https://support.hp.com/us-en/document/ish_11695845-11695873-16/HPSBHF03990"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-20 vom 2024-12-14",
"url": "https://security.gentoo.org/glsa/202412-20"
}
],
"source_lang": "en-US",
"title": "Nvidia Treiber: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-15T23:00:00.000+00:00",
"generator": {
"date": "2024-12-16T09:12:31.827+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-3255",
"initial_release_date": "2024-10-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-24T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-11-12T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von LENOVO aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell Computer",
"product": {
"name": "Dell Computer",
"product_id": "T036868",
"product_identification_helper": {
"cpe": "cpe:/o:dell:dell_computer:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "HP Computer",
"product": {
"name": "HP Computer",
"product_id": "T031288",
"product_identification_helper": {
"cpe": "cpe:/h:hp:computer:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"category": "product_name",
"name": "Lenovo Computer",
"product": {
"name": "Lenovo Computer",
"product_id": "T026557",
"product_identification_helper": {
"cpe": "cpe:/h:lenovo:computer:-"
}
}
}
],
"category": "vendor",
"name": "Lenovo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Linux \u003c565.57.01",
"product": {
"name": "Nvidia Treiber Linux \u003c565.57.01",
"product_id": "T038539"
}
},
{
"category": "product_version",
"name": "Linux 565.57.01",
"product": {
"name": "Nvidia Treiber Linux 565.57.01",
"product_id": "T038539-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:linux__565.57.01"
}
}
},
{
"category": "product_version_range",
"name": "Linux \u003c550.127.05",
"product": {
"name": "Nvidia Treiber Linux \u003c550.127.05",
"product_id": "T038540"
}
},
{
"category": "product_version",
"name": "Linux 550.127.05",
"product": {
"name": "Nvidia Treiber Linux 550.127.05",
"product_id": "T038540-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:linux__550.127.05"
}
}
},
{
"category": "product_version_range",
"name": "Linux \u003c535.216.01",
"product": {
"name": "Nvidia Treiber Linux \u003c535.216.01",
"product_id": "T038541"
}
},
{
"category": "product_version",
"name": "Linux 535.216.01",
"product": {
"name": "Nvidia Treiber Linux 535.216.01",
"product_id": "T038541-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:linux__535.216.01"
}
}
},
{
"category": "product_version_range",
"name": "Windows \u003c566.03",
"product": {
"name": "Nvidia Treiber Windows \u003c566.03",
"product_id": "T038542"
}
},
{
"category": "product_version",
"name": "Windows 566.03",
"product": {
"name": "Nvidia Treiber Windows 566.03",
"product_id": "T038542-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:windows__566.03"
}
}
},
{
"category": "product_version_range",
"name": "Windows \u003c553.24",
"product": {
"name": "Nvidia Treiber Windows \u003c553.24",
"product_id": "T038543"
}
},
{
"category": "product_version",
"name": "Windows 553.24",
"product": {
"name": "Nvidia Treiber Windows 553.24",
"product_id": "T038543-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:windows__553.24"
}
}
},
{
"category": "product_version_range",
"name": "Windows \u003c538.95",
"product": {
"name": "Nvidia Treiber Windows \u003c538.95",
"product_id": "T038544"
}
},
{
"category": "product_version",
"name": "Windows 538.95",
"product": {
"name": "Nvidia Treiber Windows 538.95",
"product_id": "T038544-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:windows__538.95"
}
}
}
],
"category": "product_name",
"name": "Treiber"
}
],
"category": "vendor",
"name": "Nvidia"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0117",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0117"
},
{
"cve": "CVE-2024-0118",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0118"
},
{
"cve": "CVE-2024-0119",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0119"
},
{
"cve": "CVE-2024-0120",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0120"
},
{
"cve": "CVE-2024-0121",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0121"
},
{
"cve": "CVE-2024-0126",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern existiert eine Schwachstelle aufgrund einer ungen\u00fcgenden Eingabe\u00fcberpr\u00fcfung. Ein lokaler privilegierter Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T031288",
"T038539",
"T036868",
"T038544",
"T026557",
"T012167",
"T038541",
"T038540",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0126"
},
{
"cve": "CVE-2024-0127",
"notes": [
{
"category": "description",
"text": "Die NVIDIA vGPU Software enth\u00e4lt eine Sicherheitsl\u00fccke im GPU-Kernel-Treiber des vGPU Managers f\u00fcr alle unterst\u00fctzten Hypervisoren. Diese besteht aufgrund einer ungen\u00fcgenden Eingabevalidierung, wodurch der Kernel des Gastbetriebssystems kompromittiert werden kann. Ein am Gastsystem angemeldeter Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T031288",
"T038539",
"T036868",
"T038544",
"T026557",
"T012167",
"T038541",
"T038540",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0127"
},
{
"cve": "CVE-2024-0128",
"notes": [
{
"category": "description",
"text": "Die NVIDIA vGPU Software enth\u00e4lt eine Schwachstelle im Virtual GPU Manager. Diese besteht aufgrund einer falschen Berechtigungszuweisung f\u00fcr kritische Ressourcen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Informationen ofenzulegen oder Daten zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T031288",
"T038539",
"T036868",
"T038544",
"T026557",
"T012167",
"T038541",
"T038540",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0128"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…