CVE-2024-0084Execution with Unnecessary Privileges in Nvidia Cloud Gaming

CWE-250Execution with Unnecessary Privileges3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 62.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nvidia Cloud GamingNvidia Virtual GPUNvidia Vgpu Software AND Cloud Gaming
Timeline
PublishedJun 13
Latest updateJun 14

Description

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5nvidia/vgpu_software_and_cloud_gamingAll versions up to and including 17.1, 16.5, 13.10, and the April 2024 release
NVDnvidia/virtual_gpu14.016.6+2
NVDnvidia/cloud_gaming< 555.52.04

🔴Vulnerability Details

2
GHSA
GHSA-mhvg-m4c7-2668: NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations2024-06-14
CVEList
CVE2024-06-13
CVE-2024-0084 — Execution with Unnecessary Privileges | cvebase