NVIDIA Virtual GPU Manager Vulnerability Allows Guest OS Resource Misallocation and Multiple Attacks

CVE-2024-0077

7.8HIGH

Key Information

Vendor: Nvidia
Status: Vgpu Driver, Cloud Gaming Driver
Vendor: CVE Published:; 27 March 2024

Summary

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Version(s)

vGPU driver, Cloud Gaming driver = All versions prior to and including 16.3, 13.9, and all versions prior to and including the January 2024 release

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 27, 2024
Vulnerability Reserved.
Dec 2, 2023

Collectors

NVD DatabaseMitre Database