NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities:

  - NVIDIA GPU Display Driver for WIndows and Linux contains a vulnerability in the kernel mode data handler, where an     unprivileged regular user can cause integer overflow, which may lead to denial of service, information disclosure,     and data tampering. (CVE-2022-42665)

  - NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after     the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.     (CVE-2024-0074)

  - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer     dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of     this vulnerability may lead to denial of service and limited information disclosure. (CVE-2024-0075)

  - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in     a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service. (CVE-2024-0078)

Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version number.

The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following:

  - NVIDIA GPU Display Driver for WIndows and Linux contains a vulnerability in the kernel mode data handler, where an     unprivileged regular user can cause integer overflow, which may lead to denial of service, information disclosure,     and data tampering. (CVE-2022-42665)

  - NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after     the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.     (CVE-2024-0074)

  - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer     dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of     this vulnerability may lead to denial of service and limited information disclosure. (CVE-2024-0075)

  - NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate     resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code     execution, denial of service, escalation of privileges, information disclosure, and data tampering. (CVE-2024-0077)

  - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in     a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service. (CVE-2024-0078)

  - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user     in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may     lead to denial of service. (CVE-2024-0079) 	Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

A display driver installed on the remote Windows host is affected by multiple vulnerabilities, including the following:

  - NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an     unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may     lead to code execution, denial of service, escalation of privileges, information disclosure, and data     tampering. (CVE-2024-0071)

  -	NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is     performing an operation at a privilege level that is higher than the minimum level required. A successful     exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges,     information disclosure, and data tampering. (CVE-2024-0073)

  -	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a     user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.
    (CVE-2024-0078)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the driver's self-reported version number.

ID	Name	Product	Family	Severity
191744	NVIDIA Linux GPU Display Driver (February 2024)	Nessus	Misc.	high
191743	NVIDIA Virtual GPU Manager Multiple Vulnerabilities (February 2024)	Nessus	Misc.	high
191676	NVIDIA Windows GPU Display Driver (February 2024)	Nessus	Windows	high

Detections

Analytics

CVE-2024-0078

medium

Tenable Plugins

high

high

high