NVIDIA vGPU Software Virtual GPU Manager Vulnerability
CVE-2023-0197

5.5MEDIUM

Key Information:

Vendor
Nvidia
Status
Vgpu Software (virtual Gpu Manager - Citrix Hypervisor, Vmware Vsphere, Red Hat Enterprise Linux Kvm), Nvidia Cloud Gaming (virtual Gpu Manager - Red Hat Enterprise Linux Kvm)
Vendor
CVE Published:
1 April 2023

Summary

The NVIDIA vGPU software features a vulnerability in the Virtual GPU Manager, allowing a malicious user within a guest virtual machine to exploit a NULL-pointer dereference. This exploitation has the potential to disrupt service, leading to a denial of service condition. Organizations utilizing NVIDIA vGPU should be aware of this risk and apply necessary updates to safeguard their systems.

Affected Version(s)

vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM) All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5452

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.