CVE-2024-0147
📋 TL;DR
This CVE describes a use-after-free vulnerability in NVIDIA GPU display drivers for Windows and Linux. An attacker could exploit this to cause denial of service or potentially tamper with data. Users with affected NVIDIA GPU drivers on Windows or Linux systems are vulnerable.
💻 Affected Systems
- NVIDIA GPU Display Driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could execute arbitrary code with kernel privileges, leading to complete system compromise, data theft, or persistent malware installation.
Likely Case
Local attackers could cause system crashes (blue screen/panic) or corrupt GPU driver memory, leading to denial of service and potential data loss in active applications.
If Mitigated
With proper access controls and limited user privileges, impact is reduced to denial of service affecting only the current user session.
🎯 Exploit Status
Exploitation requires local access and knowledge of driver memory structures. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check NVIDIA advisory for specific patched driver versions
Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
Restart Required: Yes
Instructions:
1. Visit NVIDIA Driver Downloads page. 2. Select your GPU model and operating system. 3. Download and install the latest driver version. 4. Restart your system to complete installation.
🔧 Temporary Workarounds
Restrict Local Access
allLimit physical and remote access to vulnerable systems to trusted users only
Implement Least Privilege
allEnsure users operate with minimal necessary privileges to reduce impact scope
🧯 If You Can't Patch
- Isolate vulnerable systems from critical networks and sensitive data
- Implement application allowlisting to prevent unauthorized code execution
🔍 How to Verify
Check if Vulnerable:
Check NVIDIA driver version against affected versions listed in the NVIDIA security advisoryCheck Version:
Windows: nvidia-smi (Command Prompt) or check Display Settings. Linux: nvidia-smi or modinfo nvidiaVerify Fix Applied:
Verify installed NVIDIA driver version matches or exceeds the patched version specified in the advisory📡 Detection & Monitoring
Log Indicators:
- System crashes (BSOD/kernel panics)
- GPU driver failure events in system logs
- Unexpected driver reloads
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
EventID 41 (Windows Kernel-Power) OR kernel panic logs with NVIDIA driver references