Vulnerability in NVIDIA GPU Display Driver for Linux
CVE-2023-0185

7.1HIGH

Key Information:

Vendor
NVIDIA
Status
vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)
Vendor
CVE Published:
1 April 2023

Summary

The NVIDIA GPU Display Driver for Linux is affected by a vulnerability in the kernel mode layer where improper sign conversion occurs. This issue can result in unexpected behavior, potentially leading to denial of service or unauthorized information disclosure. Users of the affected driver should be vigilant and consider applying the latest updates provided by NVIDIA to mitigate these risks.

Affected Version(s)

vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM) All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5452
https://security.gentoo.org/glsa/202310-02

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.