CVE-2023-25517

CWE-2853 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 79.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia GPU Display DriverNvidia Vgpu Software
Timeline
PublishedJul 4

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5nvidia/vgpu_softwareAll versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release
NVDnvidia/gpu_display_driver13.013.8+2

🔴Vulnerability Details

2
GHSA
GHSA-w64q-wx8r-43p6: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it2023-07-04
CVEList
CVE-2023-25517: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it2023-07-03
CVE-2023-25517 (HIGH CVSS 7.1) | NVIDIA vGPU software contains a vul | cvebase.io