CVE-2024-0131 Overview
CVE-2024-0131 affects the NVIDIA GPU kernel driver on both Windows and Linux platforms. The flaw stems from an out-of-bounds read condition [CWE-805], where the driver reads a buffer using an incorrect length value. A local user-mode attacker with high privileges can trigger this condition to cause denial of service against the affected system.
The weakness is categorized as a Buffer Access with Incorrect Length Value issue. Successful exploitation does not expose confidentiality or integrity, but it can disrupt GPU availability and stability on workstations and servers relying on NVIDIA hardware acceleration.
Critical Impact
A local attacker with high privileges can trigger an out-of-bounds read in the NVIDIA GPU kernel driver, leading to denial of service on Windows and Linux systems.
Affected Products
- NVIDIA GPU kernel mode driver for Windows
- NVIDIA GPU kernel mode driver for Linux
- Refer to the NVIDIA Support Answer for specific driver branches and fixed versions
Discovery Timeline
- 2025-02-02 - CVE-2024-0131 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2024-0131
Vulnerability Analysis
The NVIDIA GPU kernel driver exposes interfaces that user-mode components invoke to manage GPU resources, queue work, and exchange data. CVE-2024-0131 occurs when one of these code paths reads from a buffer using a length value that does not match the actual allocated size. The driver consumes memory beyond the intended boundary during the read operation.
The attack requires local access and elevated privileges on the host. No user interaction is needed. Exploitation does not yield information disclosure or memory corruption suitable for code execution. Instead, the out-of-bounds read destabilizes kernel state and produces a denial of service condition, typically a system crash or GPU subsystem hang.
The issue is classified under [CWE-805] Buffer Access with Incorrect Length Value, a class of memory safety defects common in kernel drivers handling user-supplied descriptors.
Root Cause
The root cause is the driver's failure to validate that the length parameter used for a read operation matches the bounds of the source buffer. When the supplied or computed length exceeds the buffer size, the kernel reads adjacent memory and may operate on invalid data, triggering a fault.
Attack Vector
An attacker must hold a local, high-privilege context on the target. From that position, the attacker issues crafted IOCTL or driver API calls that influence the length value used during the vulnerable read. The driver then performs the out-of-bounds access, crashing the kernel or the GPU stack. No remote attack path is available.
No public proof-of-concept code is associated with this CVE. Technical specifics are limited to the vendor advisory; see the NVIDIA Support Answer for additional context.
Detection Methods for CVE-2024-0131
Indicators of Compromise
- Unexpected GPU driver crashes, bug checks referencing nvlddmkm.sys on Windows, or kernel oops messages referencing the nvidia module on Linux
- Repeated TDR (Timeout Detection and Recovery) events or GPU resets correlated with a specific local process
- System event logs showing kernel faults shortly after launches of unsigned or unusual user-mode binaries
Detection Strategies
- Inventory all endpoints and workstations with NVIDIA GPUs and compare installed driver versions against the fixed versions listed in the vendor advisory
- Alert on processes invoking GPU driver IOCTLs from non-standard locations or from unprivileged-to-privileged transitions
- Correlate kernel crash telemetry with privileged process activity to surface repeated abuse attempts
Monitoring Recommendations
- Forward Windows Reliability Monitor and Linux kernel.log events to a centralized logging platform for analysis
- Track driver version drift across the fleet to identify systems missing the NVIDIA security update
- Monitor for privilege escalation precursors, since exploitation requires high privileges already held by the attacker
How to Mitigate CVE-2024-0131
Immediate Actions Required
- Apply the patched NVIDIA GPU display driver versions documented in the NVIDIA Support Answer to every Windows and Linux host with affected hardware
- Restrict local administrative access on systems running NVIDIA GPUs, since exploitation requires high privileges
- Audit and remove unnecessary local accounts that hold administrative or root rights on GPU-equipped workstations and servers
Patch Information
NVIDIA has released fixed driver versions across its supported branches for both Windows and Linux. Consult the vendor advisory at NVIDIA Support Answer ID 5614 for the complete table of affected and remediated driver versions. Deploy the update through standard endpoint management tooling and reboot affected systems to load the new kernel driver.
Workarounds
- No vendor-supplied workaround replaces the patch; updating the driver is the only complete remediation
- Limit local privileged access and enforce least privilege to reduce the population of accounts able to exploit the flaw
- Where GPU compute workloads are not required, consider disabling the NVIDIA kernel driver on exposed multi-tenant systems until the patch is applied
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

