CVE-2024-0146

High

Published: 28 January 2025

Published

28 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0004 10.7th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.

Security Summary

CVE-2024-0146 is a vulnerability in NVIDIA vGPU software, specifically within the Virtual GPU Manager component. It enables a malicious guest to cause memory corruption, corresponding to CWE-120 (Buffer Copy without Checking Size of Input). The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-28.

A malicious guest with local access and low privileges (PR:L) can exploit this issue with low attack complexity and no user interaction required. Successful exploitation could lead to code execution, denial of service, information disclosure, or data tampering.

The NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5614 provides details on mitigation and available patches.

Details

CWE(s): CWE-120

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5614
psirt@nvidia.com