Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-0128 (GCVE-0-2024-0128)
Vulnerability from cvelistv5 – Published: 2024-10-26 08:14 – Updated: 2024-11-01 03:55
VLAI
EPSS
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.
Severity
7.1 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | vGPU and Cloud Gaming |
Affected:
All versions prior to 17.4, 16.8, and the October 2024 release
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "virtual_gpu_manager",
"vendor": "nvidia",
"versions": [
{
"lessThan": "16.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cloud_gaming_virtual_gpu",
"vendor": "nvidia",
"versions": [
{
"lessThan": "565.57.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T03:55:30.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vGPU and Cloud Gaming",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 17.4, 16.8, and the October 2024 release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\n\n\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges, information disclosure, and data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-26T08:14:20.726Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0128",
"datePublished": "2024-10-26T08:14:20.726Z",
"dateReserved": "2023-12-02T00:42:38.442Z",
"dateUpdated": "2024-11-01T03:55:30.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-0128",
"date": "2026-05-26",
"epss": "0.00071",
"percentile": "0.21668"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-0128\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2024-10-26T09:15:03.800\",\"lastModified\":\"2024-10-28T13:58:09.230\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.\"},{\"lang\":\"es\",\"value\":\"El software NVIDIA vGPU contiene una vulnerabilidad en el administrador de GPU virtual que permite que un usuario del sistema operativo invitado acceda a recursos globales. Si se explota esta vulnerabilidad con \u00e9xito, se podr\u00eda producir la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de datos y la escalada de privilegios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"references\":[{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5586\",\"source\":\"psirt@nvidia.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0128\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-28T16:42:37.435221Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*\"], \"vendor\": \"nvidia\", \"product\": \"virtual_gpu_manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"16.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"17.0\", \"lessThan\": \"17.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*\"], \"vendor\": \"nvidia\", \"product\": \"cloud_gaming_virtual_gpu\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"565.57.01\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-28T16:53:28.146Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Escalation of privileges, information disclosure, and data tampering\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NVIDIA\", \"product\": \"vGPU and Cloud Gaming\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions prior to 17.4, 16.8, and the October 2024 release\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5586\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.\u003c/span\u003e\\n\\n\u003c/span\u003e\\n\\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\\n\\n\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732 Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"shortName\": \"nvidia\", \"dateUpdated\": \"2024-10-26T08:14:20.726Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-0128\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-01T03:55:30.906Z\", \"dateReserved\": \"2023-12-02T00:42:38.442Z\", \"assignerOrgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"datePublished\": \"2024-10-26T08:14:20.726Z\", \"assignerShortName\": \"nvidia\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
BDU:2024-09486
Vulnerability from fstec - Published: 22.10.2024
VLAI
Title
Уязвимость компонента NVIDIA Virtual GPU Manager драйвера виртуальных графических процессоров NVIDIA Virtual GPU, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации, повысить свои привилегии
Description
Уязвимость компонента NVIDIA Virtual GPU Manager драйвера виртуальных графических процессоров NVIDIA Virtual GPU связана с неверным назначением разрешений для критического ресурса. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации, повысить свои привилегии
Severity
Vendor
ООО «Ред Софт», NVIDIA Corp.
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), vGPU, Cloud Gaming Virtual GPU Manager
Software Version
7.3 (РЕД ОС), до 550.127.06 (vGPU), до 535.216.01 (vGPU), до 553.20 (vGPU), до 565.57.01 (Cloud Gaming Virtual GPU Manager)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для NVIDIA Virtual GPU:
https://nvidia.custhelp.com/app/answers/detail/a_id/5586
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://nvidia.custhelp.com/app/answers/detail/a_id/5586
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-732
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:N",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, NVIDIA Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 550.127.06 (vGPU), \u0434\u043e 535.216.01 (vGPU), \u0434\u043e 553.20 (vGPU), \u0434\u043e 565.57.01 (Cloud Gaming Virtual GPU Manager)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f NVIDIA Virtual GPU:\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5586\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.10.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.09.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.11.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-09486",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-0128",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), vGPU, Cloud Gaming Virtual GPU Manager",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu - , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), VMware Inc. VMware vSphere - , Red Hat Inc. Red Hat Enterprise Linux KVM - , Microsoft Corp Azure Stack HCI - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 NVIDIA Virtual GPU Manager \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 NVIDIA Virtual GPU, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (CWE-732)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 NVIDIA Virtual GPU Manager \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 NVIDIA Virtual GPU \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-732",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}
FKIE_CVE-2024-0128
Vulnerability from fkie_nvd - Published: 2024-10-26 09:15 - Updated: 2026-04-15 00:35
Severity
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges."
},
{
"lang": "es",
"value": "El software NVIDIA vGPU contiene una vulnerabilidad en el administrador de GPU virtual que permite que un usuario del sistema operativo invitado acceda a recursos globales. Si se explota esta vulnerabilidad con \u00e9xito, se podr\u00eda producir la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de datos y la escalada de privilegios."
}
],
"id": "CVE-2024-0128",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
},
"published": "2024-10-26T09:15:03.800",
"references": [
{
"source": "psirt@nvidia.com",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}
GHSA-77JX-PQH8-P2WH
Vulnerability from github – Published: 2024-10-26 09:30 – Updated: 2024-10-26 09:30
VLAI
Details
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.
Severity
7.1 (High)
{
"affected": [],
"aliases": [
"CVE-2024-0128"
],
"database_specific": {
"cwe_ids": [
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-26T09:15:03Z",
"severity": "HIGH"
},
"details": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.",
"id": "GHSA-77jx-pqh8-p2wh",
"modified": "2024-10-26T09:30:43Z",
"published": "2024-10-26T09:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0128"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2024-0128
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2024-0128",
"id": "GSD-2024-0128"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-0128"
],
"id": "GSD-2024-0128",
"modified": "2023-12-13T01:21:42.574342Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-0128",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
WID-SEC-W-2024-3255
Vulnerability from csaf_certbund - Published: 2024-10-22 22:00 - Updated: 2024-12-15 23:00Summary
Nvidia Treiber: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: NVidia ist ein Hersteller von Grafikkarten.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Nvidia Treibern ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme: - Linux
- Windows
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern für Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
In Nvidia GPU Display Treibern existiert eine Schwachstelle aufgrund einer ungenügenden Eingabeüberprüfung. Ein lokaler privilegierter Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Nvidia Treiber Linux <565.57.01
Nvidia / Treiber
|
Linux <565.57.01 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Linux <535.216.01
Nvidia / Treiber
|
Linux <535.216.01 | ||
|
Nvidia Treiber Linux <550.127.05
Nvidia / Treiber
|
Linux <550.127.05 | ||
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
Die NVIDIA vGPU Software enthält eine Sicherheitslücke im GPU-Kernel-Treiber des vGPU Managers für alle unterstützten Hypervisoren. Diese besteht aufgrund einer ungenügenden Eingabevalidierung, wodurch der Kernel des Gastbetriebssystems kompromittiert werden kann. Ein am Gastsystem angemeldeter Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuführen, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Nvidia Treiber Linux <565.57.01
Nvidia / Treiber
|
Linux <565.57.01 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Linux <535.216.01
Nvidia / Treiber
|
Linux <535.216.01 | ||
|
Nvidia Treiber Linux <550.127.05
Nvidia / Treiber
|
Linux <550.127.05 | ||
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
Die NVIDIA vGPU Software enthält eine Schwachstelle im Virtual GPU Manager. Diese besteht aufgrund einer falschen Berechtigungszuweisung für kritische Ressourcen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Informationen ofenzulegen oder Daten zu manipulieren.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
Nvidia Treiber Linux <565.57.01
Nvidia / Treiber
|
Linux <565.57.01 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber Windows <538.95
Nvidia / Treiber
|
Windows <538.95 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Nvidia Treiber Linux <535.216.01
Nvidia / Treiber
|
Linux <535.216.01 | ||
|
Nvidia Treiber Linux <550.127.05
Nvidia / Treiber
|
Linux <550.127.05 | ||
|
Nvidia Treiber Windows <553.24
Nvidia / Treiber
|
Windows <553.24 | ||
|
Nvidia Treiber Windows <566.03
Nvidia / Treiber
|
Windows <566.03 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "NVidia ist ein Hersteller von Grafikkarten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Nvidia Treibern ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3255 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3255.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3255 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3255"
},
{
"category": "external",
"summary": "NVIDIA GPU Display Drivers Advisory - October 2024 vom 2024-10-22",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5586"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-401 vom 2024-10-24",
"url": "https://www.dell.com/support/kbdoc/de-de/000228639/dsa-2024-401"
},
{
"category": "external",
"summary": "Lenovo Security Advisory LEN-173640 vom 2024-11-13",
"url": "https://support.lenovo.com/us/en/product_security/LEN-173640"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBHF03990 vom 2024-11-26",
"url": "https://support.hp.com/us-en/document/ish_11695845-11695873-16/HPSBHF03990"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-20 vom 2024-12-14",
"url": "https://security.gentoo.org/glsa/202412-20"
}
],
"source_lang": "en-US",
"title": "Nvidia Treiber: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-15T23:00:00.000+00:00",
"generator": {
"date": "2024-12-16T09:12:31.827+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-3255",
"initial_release_date": "2024-10-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-24T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-11-12T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von LENOVO aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell Computer",
"product": {
"name": "Dell Computer",
"product_id": "T036868",
"product_identification_helper": {
"cpe": "cpe:/o:dell:dell_computer:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "HP Computer",
"product": {
"name": "HP Computer",
"product_id": "T031288",
"product_identification_helper": {
"cpe": "cpe:/h:hp:computer:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"category": "product_name",
"name": "Lenovo Computer",
"product": {
"name": "Lenovo Computer",
"product_id": "T026557",
"product_identification_helper": {
"cpe": "cpe:/h:lenovo:computer:-"
}
}
}
],
"category": "vendor",
"name": "Lenovo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Linux \u003c565.57.01",
"product": {
"name": "Nvidia Treiber Linux \u003c565.57.01",
"product_id": "T038539"
}
},
{
"category": "product_version",
"name": "Linux 565.57.01",
"product": {
"name": "Nvidia Treiber Linux 565.57.01",
"product_id": "T038539-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:linux__565.57.01"
}
}
},
{
"category": "product_version_range",
"name": "Linux \u003c550.127.05",
"product": {
"name": "Nvidia Treiber Linux \u003c550.127.05",
"product_id": "T038540"
}
},
{
"category": "product_version",
"name": "Linux 550.127.05",
"product": {
"name": "Nvidia Treiber Linux 550.127.05",
"product_id": "T038540-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:linux__550.127.05"
}
}
},
{
"category": "product_version_range",
"name": "Linux \u003c535.216.01",
"product": {
"name": "Nvidia Treiber Linux \u003c535.216.01",
"product_id": "T038541"
}
},
{
"category": "product_version",
"name": "Linux 535.216.01",
"product": {
"name": "Nvidia Treiber Linux 535.216.01",
"product_id": "T038541-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:linux__535.216.01"
}
}
},
{
"category": "product_version_range",
"name": "Windows \u003c566.03",
"product": {
"name": "Nvidia Treiber Windows \u003c566.03",
"product_id": "T038542"
}
},
{
"category": "product_version",
"name": "Windows 566.03",
"product": {
"name": "Nvidia Treiber Windows 566.03",
"product_id": "T038542-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:windows__566.03"
}
}
},
{
"category": "product_version_range",
"name": "Windows \u003c553.24",
"product": {
"name": "Nvidia Treiber Windows \u003c553.24",
"product_id": "T038543"
}
},
{
"category": "product_version",
"name": "Windows 553.24",
"product": {
"name": "Nvidia Treiber Windows 553.24",
"product_id": "T038543-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:windows__553.24"
}
}
},
{
"category": "product_version_range",
"name": "Windows \u003c538.95",
"product": {
"name": "Nvidia Treiber Windows \u003c538.95",
"product_id": "T038544"
}
},
{
"category": "product_version",
"name": "Windows 538.95",
"product": {
"name": "Nvidia Treiber Windows 538.95",
"product_id": "T038544-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:windows__538.95"
}
}
}
],
"category": "product_name",
"name": "Treiber"
}
],
"category": "vendor",
"name": "Nvidia"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0117",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0117"
},
{
"cve": "CVE-2024-0118",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0118"
},
{
"cve": "CVE-2024-0119",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0119"
},
{
"cve": "CVE-2024-0120",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0120"
},
{
"cve": "CVE-2024-0121",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern f\u00fcr Windows existieren mehrere Schwachstellen. In der Benutzermodus-Schicht bestehen Out-of-bounds-Read Probleme. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031288",
"T036868",
"T038544",
"T026557",
"T012167",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0121"
},
{
"cve": "CVE-2024-0126",
"notes": [
{
"category": "description",
"text": "In Nvidia GPU Display Treibern existiert eine Schwachstelle aufgrund einer ungen\u00fcgenden Eingabe\u00fcberpr\u00fcfung. Ein lokaler privilegierter Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T031288",
"T038539",
"T036868",
"T038544",
"T026557",
"T012167",
"T038541",
"T038540",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0126"
},
{
"cve": "CVE-2024-0127",
"notes": [
{
"category": "description",
"text": "Die NVIDIA vGPU Software enth\u00e4lt eine Sicherheitsl\u00fccke im GPU-Kernel-Treiber des vGPU Managers f\u00fcr alle unterst\u00fctzten Hypervisoren. Diese besteht aufgrund einer ungen\u00fcgenden Eingabevalidierung, wodurch der Kernel des Gastbetriebssystems kompromittiert werden kann. Ein am Gastsystem angemeldeter Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Code auszuf\u00fchren, Daten offenzulegen oder zu manipulieren oder einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T031288",
"T038539",
"T036868",
"T038544",
"T026557",
"T012167",
"T038541",
"T038540",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0127"
},
{
"cve": "CVE-2024-0128",
"notes": [
{
"category": "description",
"text": "Die NVIDIA vGPU Software enth\u00e4lt eine Schwachstelle im Virtual GPU Manager. Diese besteht aufgrund einer falschen Berechtigungszuweisung f\u00fcr kritische Ressourcen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Rechte zu erweitern, Informationen ofenzulegen oder Daten zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T031288",
"T038539",
"T036868",
"T038544",
"T026557",
"T012167",
"T038541",
"T038540",
"T038543",
"T038542"
]
},
"release_date": "2024-10-22T22:00:00.000+00:00",
"title": "CVE-2024-0128"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…