NVIDIA vGPU Software Vulnerability Could Lead to Privilege Escalation and Data Tampering
CVE-2024-0085

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Vgpu Software And Cloud Gaming
Vendor: CVE Published:; 13 June 2024

Summary

NVIDIA vGPU software for Windows and Linux contains a vulnerability that can be exploited by unprivileged users to perform operations requiring higher privileges on the host system. This security flaw can potentially lead to serious consequences, such as unauthorized data manipulation, escalation of privileges allowing further control over the system, and denial of service, effectively disrupting normal operations. It is crucial for organizations using NVIDIA vGPU software to apply necessary patches and security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

vGPU software and Cloud Gaming All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5551

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Dec 2, 2023