CVE-2022-31609

CWE-285 CWE-863 — Incorrect Authorization4 documents4 sources

Severity

7.8HIGH

EPSS

0.0%

top 87.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Virtual GPU Nvidia Nvidia Virtual GPU Software AND Nvidia Cloud Gaming

Timeline

PublishedAug 5

Latest updateAug 6

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5nvidia/nvidia_virtual_gpu_software_and_nvidia_cloud_gamingvGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9).

▶NVDnvidia/virtual_gpu11.0 — 11.8+3

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-8482-w39m-g3c5: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which t↗2022-08-06

▶

OSV

CVE-2022-31609: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which t↗2022-08-05

▶

CVEList

CVE-2022-31609: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which t↗2022-08-05

▶