CVE Vulnerabilities

CVE-2024-0071

Out-of-bounds Read

Published: Mar 27, 2024 | Modified: Mar 28, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Weakness

The product reads data past the end, or before the beginning, of the intended buffer.

Affected Software

Name Vendor Start Version End Version
Nvidia-graphics-drivers-304 Ubuntu esm-infra/xenial *
Nvidia-graphics-drivers-340 Ubuntu esm-infra/xenial *
Nvidia-graphics-drivers-340 Ubuntu focal *
Nvidia-graphics-drivers-390 Ubuntu focal *
Nvidia-graphics-drivers-390 Ubuntu jammy *
Nvidia-graphics-drivers-418-server Ubuntu focal *
Nvidia-graphics-drivers-418-server Ubuntu jammy *
Nvidia-graphics-drivers-430 Ubuntu focal *
Nvidia-graphics-drivers-430 Ubuntu jammy *
Nvidia-graphics-drivers-430 Ubuntu mantic *
Nvidia-graphics-drivers-435 Ubuntu focal *
Nvidia-graphics-drivers-435 Ubuntu jammy *
Nvidia-graphics-drivers-435 Ubuntu mantic *
Nvidia-graphics-drivers-440 Ubuntu focal *
Nvidia-graphics-drivers-440 Ubuntu jammy *
Nvidia-graphics-drivers-440 Ubuntu mantic *
Nvidia-graphics-drivers-440-server Ubuntu focal *
Nvidia-graphics-drivers-440-server Ubuntu jammy *
Nvidia-graphics-drivers-450 Ubuntu focal *
Nvidia-graphics-drivers-450 Ubuntu jammy *
Nvidia-graphics-drivers-450 Ubuntu mantic *
Nvidia-graphics-drivers-455 Ubuntu focal *
Nvidia-graphics-drivers-455 Ubuntu jammy *
Nvidia-graphics-drivers-455 Ubuntu mantic *
Nvidia-graphics-drivers-460 Ubuntu focal *
Nvidia-graphics-drivers-460 Ubuntu jammy *
Nvidia-graphics-drivers-460 Ubuntu mantic *
Nvidia-graphics-drivers-460-server Ubuntu focal *
Nvidia-graphics-drivers-510 Ubuntu focal *
Nvidia-graphics-drivers-510 Ubuntu jammy *
Nvidia-graphics-drivers-510 Ubuntu mantic *
Nvidia-graphics-drivers-520 Ubuntu focal *
Nvidia-graphics-drivers-520 Ubuntu jammy *

Potential Mitigations

  • Assume all input is malicious. Use an “accept known good” input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, “boat” may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as “red” or “blue.”
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code’s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.

References