CVE-2024-0107: 
NVIDIA Graphics Driver vulnerability analysis and mitigation

NVIDIA GPU Display Driver for Windows was found to contain a vulnerability (CVE-2024-0107) in its user mode layer. The vulnerability was disclosed in July 2024 and affects multiple NVIDIA driver versions across different product lines including GeForce, NVIDIA RTX/Quadro, NVS, and Tesla Windows drivers. This security issue allows an unprivileged regular user to cause an out-of-bounds read in the system (NVIDIA Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High severity) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. It is classified as CWE-125, which is an out-of-bounds read vulnerability. The technical assessment indicates that the vulnerability exists in the user mode layer of the NVIDIA GPU Display Driver for Windows (NVIDIA Bulletin).

A successful exploitation of this vulnerability can lead to multiple severe consequences including code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The high CVSS score reflects the significant potential impact on affected systems (NVIDIA Bulletin, CVE Details).

NVIDIA has released security updates to address this vulnerability across multiple driver branches. For GeForce products, users should update to version 556.12 for R555 branch, 475.14 for R470 branch. For NVIDIA RTX/Quadro, NVS, and Tesla products, updates are available as versions 552.74 (R550 branch), 538.78 (R535 branch), and 475.14 (R470 branch). Additionally, updates have been released for vGPU Software and Cloud Gaming components (NVIDIA Bulletin).