CVE-2024-0090 Overview
CVE-2024-0090 is an out-of-bounds write vulnerability affecting NVIDIA GPU drivers for both Windows and Linux operating systems. This memory corruption flaw allows a local user to write data beyond the boundaries of allocated memory buffers within the GPU display driver. A successful exploit of this vulnerability can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
The vulnerability is classified under CWE-787 (Out-of-bounds Write), which occurs when a program writes data past the end, or before the beginning, of the intended buffer. Given the kernel-level privileges at which GPU drivers operate, this vulnerability presents significant risk to affected systems.
Critical Impact
Local attackers with low privileges can exploit this out-of-bounds write vulnerability to achieve code execution, privilege escalation, denial of service, or data tampering on systems running vulnerable NVIDIA GPU drivers.
Affected Products
- NVIDIA GPU Display Driver for Windows and Linux
- NVIDIA GeForce, RTX, Quadro, NVS, Tesla, and Studio product lines
- NVIDIA Virtual GPU (vGPU)
- NVIDIA Cloud Gaming
- Canonical Ubuntu Linux (with NVIDIA drivers)
- Citrix Hypervisor
- Red Hat Enterprise Linux KVM
- VMware vSphere
- Microsoft Azure Stack HCI
Discovery Timeline
- June 13, 2024 - CVE-2024-0090 published to NVD
- November 21, 2024 - Last updated in NVD database
Technical Details for CVE-2024-0090
Vulnerability Analysis
The vulnerability resides in the NVIDIA GPU display driver, where improper bounds checking allows a local authenticated user to write data outside the intended memory buffer. Out-of-bounds writes in kernel-mode drivers are particularly dangerous because these drivers run at the highest privilege level within the operating system.
When an attacker successfully exploits this flaw, they can corrupt adjacent memory structures, potentially overwriting critical data such as function pointers, security tokens, or control structures. This corruption can be leveraged to redirect code execution, bypass security mechanisms, or cause system instability.
The local attack vector requires the attacker to have some level of access to the target system, but the low privilege requirement means that even standard user accounts can potentially trigger the vulnerability. No user interaction is required beyond the attacker executing their malicious payload.
Root Cause
The root cause of CVE-2024-0090 is insufficient bounds validation in the NVIDIA GPU display driver when processing user-supplied data. The driver fails to properly verify that write operations remain within the boundaries of allocated memory buffers before committing data to memory.
This type of vulnerability typically occurs when:
- Array indices are not properly validated against buffer sizes
- Length parameters are not checked before memory operations
- Pointer arithmetic results are not validated before dereferencing
- User-controlled input directly influences memory write offsets without sanitization
The lack of proper boundary enforcement allows write operations to extend beyond the intended buffer, corrupting adjacent memory regions.
Attack Vector
The attack vector for CVE-2024-0090 is local, meaning an attacker must have access to the target system to exploit the vulnerability. The exploitation path involves:
- An attacker with low-privilege access to a system running vulnerable NVIDIA GPU drivers crafts malicious input designed to trigger the out-of-bounds write condition
- The attacker delivers this input to the GPU driver through available interfaces such as IOCTL calls or other driver communication mechanisms
- The driver processes the input without adequate bounds checking, causing a write operation to exceed buffer boundaries
- The out-of-bounds write corrupts adjacent memory, which the attacker can leverage for various malicious purposes including privilege escalation or arbitrary code execution
The vulnerability affects both Windows and Linux platforms, extending the attack surface to diverse environments including cloud gaming infrastructure, virtualization platforms, and enterprise workstations.
Detection Methods for CVE-2024-0090
Indicators of Compromise
- Unexpected system crashes or blue screen of death (BSOD) events related to NVIDIA driver components (nvlddmkm.sys on Windows or nvidia.ko modules on Linux)
- Abnormal memory access patterns or memory corruption errors in system logs
- Privilege escalation events from low-privilege user accounts to SYSTEM or root
- Suspicious processes interacting with NVIDIA driver interfaces via IOCTL calls
- Kernel memory integrity violations detected by endpoint protection solutions
Detection Strategies
- Monitor for unusual IOCTL communications with NVIDIA driver components
- Implement kernel integrity monitoring to detect unauthorized memory modifications
- Deploy endpoint detection and response (EDR) solutions capable of detecting exploitation attempts against kernel drivers
- Enable Windows Driver Framework (WDF) verifier or Linux kernel debugging tools to catch memory corruption events
- Analyze crash dumps for evidence of out-of-bounds write patterns in NVIDIA driver memory space
Monitoring Recommendations
- Configure system event monitoring to alert on NVIDIA driver crashes or unexpected restarts
- Implement file integrity monitoring on NVIDIA driver binary files to detect tampering
- Enable verbose logging for GPU driver operations where supported
- Monitor for anomalous process behavior following GPU driver interactions
- Utilize SentinelOne Singularity platform for real-time kernel-level threat detection and behavioral analysis
How to Mitigate CVE-2024-0090
Immediate Actions Required
- Identify all systems running NVIDIA GPU drivers across your environment
- Prioritize patching based on system exposure and criticality
- Apply the latest NVIDIA driver updates that address CVE-2024-0090
- Restrict local access to critical systems where possible until patches are applied
- Enable enhanced monitoring on systems that cannot be immediately patched
Patch Information
NVIDIA has released updated driver versions that address this vulnerability. Administrators should consult the NVIDIA Security Bulletin for specific version information and download links for their affected products.
The security update applies to:
- NVIDIA GPU Display Driver for Windows and Linux
- NVIDIA Virtual GPU software
- NVIDIA Cloud Gaming software
Organizations should follow their standard patch management procedures while prioritizing this update given the potential for privilege escalation.
Workarounds
- Limit local access to systems with NVIDIA GPU drivers to only trusted users
- Implement application control policies to restrict execution of unauthorized code
- Use network segmentation to isolate systems running vulnerable drivers from sensitive network segments
- Consider disabling or uninstalling NVIDIA drivers on systems where GPU functionality is not required until patches can be applied
- Enable additional security controls such as Credential Guard on Windows to limit the impact of potential privilege escalation
# Check installed NVIDIA driver version on Linux
nvidia-smi --query-gpu=driver_version --format=csv,noheader
# Check installed NVIDIA driver version on Windows (PowerShell)
# Get-WmiObject Win32_PnPSignedDriver | Where-Object {$_.DeviceName -like "*NVIDIA*"} | Select-Object DeviceName, DriverVersion
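The version queries above can feed a patch-compliance check. The script below is an added example, not NVIDIA's code or part of the original page; the function names, the FIXED_VERSIONS variable and every version number used with it are constructed placeholders, and the real fixed versions must come from the NVIDIA Security Bulletin. It assumes that the Windows driver-store version carries the NVIDIA release in its last five digits and that, on Linux, the first version field identifies the driver branch.

```shell
#!/bin/sh
# Added example: classify an NVIDIA driver version against per-branch fixed versions.
# Version numbers passed to these functions in examples are constructed placeholders.

# Windows reports e.g. 31.0.15.5222; the last five digits are the NVIDIA
# release (552.22). Assumes the final field is four digits wide.
nv_from_windows() {
    printf '%s\n' "$1" | tr -d '.' | sed -E 's/.*([0-9]{3})([0-9]{2})$/\1.\2/'
}

# Succeeds when dotted version $1 >= $2. Fields are compared as decimal
# numbers, so 10 > 9 and "08" is not misread as octal.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# classify_driver INSTALLED FIXED...: for Linux drivers, where the first field
# names the branch. Compare only against the fixed version of the same branch.
classify_driver() {
    installed=$1; shift
    for fixed in "$@"; do
        if [ "${fixed%%.*}" = "${installed%%.*}" ]; then
            if ver_ge "$installed" "$fixed"; then echo patched; else echo vulnerable; fi
            return 0
        fi
    done
    echo unknown-branch   # no fix listed for this branch: check the bulletin
}

# Live check, run only when FIXED_VERSIONS (hypothetical variable) is set to
# the space-separated fixed versions taken from the NVIDIA Security Bulletin.
if [ -n "${FIXED_VERSIONS:-}" ] && command -v nvidia-smi >/dev/null 2>&1; then
    nvidia-smi --query-gpu=driver_version --format=csv,noheader | sort -u |
    while read -r v; do
        # shellcheck disable=SC2086  # word splitting of the list is intended
        echo "$v: $(classify_driver "$v" $FIXED_VERSIONS)"
    done
fi
```

For a Windows host, convert the reported DriverVersion with nv_from_windows and compare it with ver_ge against the bulletin's figure for that driver branch, since Windows releases within one branch do not share a first field.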

