NVIDIA vGPU Software Vulnerability Could Lead to Code Execution, Privilege Escalation, and More
CVE-2024-0127

7.8HIGH

Key Information:

Vendor
Nvidia
Status
Vgpu And Cloud Gaming
Vendor
CVE Published:
26 October 2024

Summary

NVIDIA vGPU software is vulnerable due to improper input validation in its GPU kernel driver associated with the vGPU Manager across all supported hypervisors. This flaw provides an opportunity for users operating within the guest operating system to compromise the guest OS kernel. If successfully exploited, this vulnerability can lead to serious consequences such as unauthorized code execution, elevation of user privileges, data manipulation, service interruptions, and potential information leaks. This highlights the importance of updating to the latest security patches to mitigate risks associated with this vulnerability.

Affected Version(s)

vGPU and Cloud Gaming All versions prior to 17.4, 16.8, and the October 2024 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5586

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.