NVIDIA Virtual GPU Manager Vulnerability Allows Guest OS Resource Misallocation and Multiple Attacks
CVE-2024-0077
7.8HIGH
Key Information:
- Vendor
- Nvidia
- Vendor
- CVE Published:
- 27 March 2024
Summary
A vulnerability exists within NVIDIA Virtual GPU Manager’s vGPU plugin that permits a guest operating system to allocate system resources beyond its authorization scope. Successful exploitation of this issue may enable an attacker to execute arbitrary code, inflict a denial of service on the affected system, escalate privileges, disclose sensitive information, or tamper with data. This presents significant risks for users reliant on the security and integrity of their virtual environments, necessitating immediate attention and remediation.
Affected Version(s)
vGPU driver, Cloud Gaming driver All versions prior to and including 16.3, 13.9, and all versions prior to and including the January 2024 release
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved