Vulnerability in NVIDIA GPU Display Driver for Linux
CVE-2023-0185

6.7MEDIUM

Key Information:

Vendor
Nvidia
Status
Vgpu Software (virtual Gpu Manager - Citrix Hypervisor, Vmware Vsphere, Red Hat Enterprise Linux Kvm), Nvidia Cloud Gaming (virtual Gpu Manager - Red Hat Enterprise Linux Kvm)
Vendor
CVE Published:
1 April 2023

Summary

The NVIDIA GPU Display Driver for Linux is affected by a vulnerability in the kernel mode layer where improper sign conversion occurs. This issue can result in unexpected behavior, potentially leading to denial of service or unauthorized information disclosure. Users of the affected driver should be vigilant and consider applying the latest updates provided by NVIDIA to mitigate these risks.

Affected Version(s)

vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM) All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5452
https://security.gentoo.org/glsa/202310-02

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.