Hacker discovers and reports RCE vulnerability in Nvidia ChatRTX for Windows, promptly fixed by developers

Nvidia's ChatRTX (formerly Chat with RTX) AI app launched just over a month ago, but has already received fixes for two major vulnerabilities, which allowed for privilege escalation and remote code execution.

ChatRTX offers Nvidia GPU owners an AI chatbot that can run locally on RTX 30 and 40 series hardware (requires at least 8GB of VRAM).


Two problems were found in ChatRTX at once, which received the identifiers CVE-2024-0082 (6.5 points on the CVSS scale) and CVE-2024-0083 (8.2 points on the CVSS scale).

The first vulnerability, CVE-2024-0083, allows attackers to conduct denial-of-service attacks, steal data, and even perform remote code execution (RCE). The second vulnerability, CVE-2024-0082, also allows data to be stolen and replaced, as well as privilege escalation.

RCE combined with privilege escalation can be a powerful combination, but Nvidia doesn't go into detail, only noting that the problems were related to open file requests and XSS, which allow browser scripts to be executed.

The company did not say whether any users were attacked and compromised “thanks” to the bugs in ChatRTX.