Detections
Analytics
NVIDIA Windows GPU Display Driver (January 2025)
high Nessus Plugin ID 214527
Synopsis
The NVIDIA GPU display driver software on the remote Windows host is missing a vendor-supplied patch.Description
A display driver installed on the remote Windows host is affected by multiple vulnerabilities, including:- NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering. (CVE-2024-0150)
- NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. (CVE-2024-0147)
- NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service.
(CVE-2024-0131)
Note that Nessus has not attempted to exploit these issues but has instead relied only on the driver's self-reported version number.
Solution
Upgrade the NVIDIA graphics driver in accordance with the vendor advisory.See Also
Plugin Details
Severity: High
ID: 214527
File Name: nvidia_win_2025_1.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 1/23/2025
Updated: 1/23/2025
Configuration: Enable paranoid mode
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: Medium
Base Score: 6.2
Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C
CVSS Score Source: CVE-2024-0150
CVSS v3
Risk Factor: High
Base Score: 7.1
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Information
CPE: cpe:/a:nvidia:gpu_driver
Required KB Items: Settings/ParanoidReport, WMI/DisplayDrivers/NVIDIA
Patch Publication Date: 1/16/2025
Vulnerability Publication Date: 1/16/2025