Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-0126

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-26 Oct, 2024 | 08:01
Updated At-01 Nov, 2024 | 03:55
Rejected At-
Credits

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:26 Oct, 2024 | 08:01
Updated At:01 Nov, 2024 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
GPU, vGPU, and Cloud Gaming
Default Status
unaffected
Versions
Affected
  • All versions prior to 17.4, 16.8, and the October 2024 release
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ACode execution, denial of service, escalation of privileges, information disclosure, and data tampering
CAPEC ID: N/A
Description: Code execution, denial of service, escalation of privileges, information disclosure, and data tampering
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5586
N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5586
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
NVIDIA Corporationnvidia
Product
gpu_display_driver
CPEs
  • cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Default Status
unaffected
Versions
Affected
  • From 565 before 566.03 (custom)
  • From 550 before 553.24 (custom)
  • From 535 before 538.95 (custom)
Vendor
NVIDIA Corporationnvidia
Product
gpu_display_driver
CPEs
  • cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:linux:*:*
Default Status
unaffected
Versions
Affected
  • From 565 before 565.57.01 (custom)
  • From 550 before 550.127.05 (custom)
  • From 535 before 535.216.01 (custom)
Vendor
NVIDIA Corporationnvidia
Product
virtual_gpu_manager
CPEs
  • cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 16.8 (custom)
  • From 17.0 before 17.4 (custom)
Vendor
NVIDIA Corporationnvidia
Product
cloud_gaming_virtual_gpu
CPEs
  • cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 565.57.01 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:26 Oct, 2024 | 08:15
Updated At:28 Oct, 2024 | 13:58

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-20Primarypsirt@nvidia.com
CWE ID: CWE-20
Type: Primary
Source: psirt@nvidia.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5586psirt@nvidia.com
N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5586
Source: psirt@nvidia.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

109Records found
CVE-2024-36282
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.25%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:11
Updated-15 Nov, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Server Board S2600ST Family BIOS and Firmware Update softwareserver_board_s2600st_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-34163
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.7||HIGH
EPSS-0.03% / 6.12%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-12 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_x15_laptop_kit_laprc510nuc_x15_laptop_kit_lapbc710_firmwarenuc_x15_laptop_kit_lapbc510_firmwarenuc_x15_laptop_kit_lapbc710nuc_x15_laptop_kit_lapkc51e_firmwarenuc_x15_laptop_kit_laprc710_firmwarenuc_x15_laptop_kit_lapac71hnuc_x15_laptop_kit_lapkc51enuc_x15_laptop_kit_laprc710nuc_x15_laptop_kit_lapac71gnuc_x15_laptop_kit_lapbc510nuc_x15_laptop_kit_lapkc71f_firmwarenuc_x15_laptop_kit_lapac71g_firmwarenuc_x15_laptop_kit_laprc510_firmwarenuc_x15_laptop_kit_lapac71h_firmwarenuc_x15_laptop_kit_lapkc71e_firmwarenuc_x15_laptop_kit_lapkc71fnuc_x15_laptop_kit_lapkc71eIntel(R) NUClapkc71f_firmwarelapbc710_firmwarelapkc51e_firmwarelapkc71e_firmwarelaprc510_firmwarelaprc710_firmwarelapbc510_firmwarelapac71h_firmwarelapac71g_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-32859
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.19%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 12:39
Updated-19 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_x15_r2_firmwarealienware_aurora_r13_firmwarealienware_x17_r2alienware_x17_r1alienware_m17_r4_firmwarealienware_x15_r2alienware_m17_r3alienware_aurora_r15_amd_firmwarealienware_area_51m_r2_firmwarealienware_aurora_ryzen_edition_r14_firmwarexps_8960xps_8950alienware_x15_r1_firmwarealienware_x15_r1xps_8960_firmwarealienware_aurora_ryzen_edition_r14inspiron_3502_firmwarealienware_aurora_r13inspiron_15_3521_firmwareinspiron_15_3510alienware_m17_r4alienware_aurora_r12_firmwarealienware_area_51m_r2xps_8950_firmwarealienware_x17_r1_firmwarealienware_aurora_r10alienware_x14_firmwarealienware_m15_r3_firmwarealienware_aurora_r10_firmwarealienware_m17_r3_firmwarealienware_x17_r2_firmwarealienware_m15_r4alienware_x14inspiron_3502inspiron_15_3521alienware_m15_r3alienware_aurora_r15_amdalienware_aurora_r11_firmwarealienware_aurora_r11alienware_aurora_r15aurora_r16alienware_aurora_r12inspiron_15_3510_firmwarealienware_aurora_r15_firmwareaurora_r16_firmwareCPG BIOSalienware_aurora_r11_firmwarealienware_aurora_r13_firmwarealienware_aurora_r12_firmwarexps_8950_firmwarexps_8960_firmwarealienware_aurora_r15_amd_firmwareinspiron_3502_firmwarealienware_aurora_r15_firmwarealienware_aurora_r14_ryzen_edition_firmwarealienware_aurora_r16_firmwarealienware_aurora_r10_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-32858
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.19%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 12:48
Updated-24 Sep, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_x15_r2_firmwarealienware_aurora_r13_firmwarealienware_x17_r2alienware_x17_r1alienware_m17_r4_firmwarealienware_x15_r2alienware_m17_r3alienware_aurora_r15_amd_firmwarealienware_area_51m_r2_firmwarealienware_aurora_ryzen_edition_r14_firmwarexps_8960xps_8950alienware_x15_r1_firmwarealienware_x15_r1xps_8960_firmwarealienware_aurora_ryzen_edition_r14inspiron_3502_firmwarealienware_aurora_r13inspiron_15_3521_firmwareinspiron_15_3510alienware_m17_r4alienware_aurora_r12_firmwarealienware_area_51m_r2xps_8950_firmwarealienware_x17_r1_firmwarealienware_aurora_r10alienware_x14_firmwarealienware_m15_r3_firmwarealienware_aurora_r10_firmwarealienware_m17_r3_firmwarealienware_x17_r2_firmwarealienware_m15_r4alienware_x14inspiron_3502inspiron_15_3521alienware_m15_r3alienware_aurora_r15_amdalienware_aurora_r11_firmwarealienware_aurora_r11alienware_aurora_r15aurora_r16alienware_aurora_r12inspiron_15_3510_firmwarealienware_aurora_r15_firmwareaurora_r16_firmwareCPG BIOSalienware_aurora_r11_firmwarealienware_aurora_r13_firmwarealienware_aurora_r12_firmwarexps_8950_firmwarexps_8960_firmwarealienware_aurora_r15_amd_firmwareinspiron_3502_firmwarealienware_aurora_r15_firmwarealienware_aurora_r14_ryzen_edition_firmwarealienware_aurora_r16_firmwarealienware_aurora_r10_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-28947
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.04% / 9.68%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-12 Sep, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_board_s2600st_firmwareIntel(R) Server Board S2600ST Family firmwareserver_board_s2600st_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-21925
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 20:39
Updated-27 Jun, 2025 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ Embedded 7000AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ GraphicsAMD EPYC™ 7002 ProcessorsAMD Ryzen™ Threadripper™ 3000 Series ProcessorsAMD Ryzen™ Embedded R1000AMD Ryzen™ Embedded 8000AMD Ryzen™ Embedded R2000AMD Ryzen™ 6000 Series Processor with Radeon™ GraphicsAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD Ryzen™ 7000 Series Mobile ProcessorsAMD Ryzen™ 5000 Series Desktop ProcessorsAMD EPYC™ 7003 ProcessorsAMD Ryzen™ 7000 Series Desktop ProcessorsAMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop ProcessorsAMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsAMD Ryzen™ Embedded V1000AMD Ryzen™ Embedded 5000AMD EPYC™ Embedded 3000AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsAMD EPYC™ 9004 ProcessorsAMD EPYC™ 7001 ProcessorsAMD Ryzen™ Embedded V3000AMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 7040 Series Processors with Radeon™ GraphicsAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 3000 Series Desktop ProcessorsAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsAMD EPYC™ Embedded 7003AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsAMD EPYC™ Embedded 7002AMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsAMD EPYC™ Embedded 9004AMD Ryzen™ Embedded V2000AMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsAMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
CWE ID-CWE-20
Improper Input Validation
CVE-2022-36448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.61%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 15:50
Updated-21 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-insydeh2on/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-35893
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.07% / 23.18%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:01
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-insydeh2on/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33176
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_11_performance_kit_nuc11pahi70z_firmwarenuc_11_performance_kit_nuc11paki7nuc_11_performance_kit_nuc11pahi7_firmwarenuc_11_performance_kit_nuc11pahi30z_firmwarenuc_11_performance_mini_pc_nuc11paqi70qanuc_11_performance_kit_nuc11paki5nuc_11_performance_kit_nuc11paki3nuc_11_performance_kit_nuc11pahi5nuc_11_performance_kit_nuc11pahi30znuc_11_performance_kit_nuc11pahi5_firmwarenuc_11_performance_kit_nuc11pahi70znuc_11_performance_kit_nuc11pahi3_firmwarenuc_11_performance_kit_nuc11paki7_firmwarenuc_11_performance_mini_pc_nuc11paqi50wanuc_11_performance_kit_nuc11paki3_firmwarenuc_11_performance_kit_nuc11pahi50znuc_11_performance_kit_nuc11pahi7nuc_11_performance_kit_nuc11pahi3nuc_11_performance_kit_nuc11paki5_firmwarenuc_11_performance_mini_pc_nuc11paqi50wa_firmwarenuc_11_performance_mini_pc_nuc11paqi70qa_firmwarenuc_11_performance_kit_nuc11pahi50z_firmwareIntel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found