CVE-2024-0093 — Sensitive Information Exposure in Nvidia Cloud Gaming

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.5MEDIUMNVD

CNA6.5

EPSS

0.2%

top 59.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cloud Gaming Nvidia Virtual GPU Nvidia Vgpu Software AND Cloud Gaming

Timeline

PublishedJun 13

Latest updateJun 14

Description

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5nvidia/vgpu_software_and_cloud_gamingAll versions up to and including 17.1, 16.5, 13.10, and the April 2024 release

▶NVDnvidia/virtual_gpu14.0 — 16.6+2

▶NVDnvidia/cloud_gaming< 555.52.04

🔴Vulnerability Details

GHSA

GHSA-pf7f-vvhc-pv8f: NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have↗2024-06-14

▶

OSV

CVE-2024-0093: NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have↗2024-06-13

▶

CVEList

CVE↗2024-06-13

▶