Nvidia Cloud Gaming vulnerabilities

CVE-2024-0085 [MEDIUM] CWE-266 CVE-2024-0085: NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could e NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.

CVE-2024-0090 [HIGH] CWE-787 CVE-2024-0090: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bo NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVE-2024-0084 [HIGH] CWE-250 CVE-2024-0084: NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

CVE-2024-0089 [HIGH] CWE-665 CVE-2024-0089: NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.

CVE-2024-0091 [HIGH] CWE-822 CVE-2024-0091: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an u NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.

CVE-2024-0092 [MEDIUM] CWE-703 CVE-2024-0092: NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.

CVE-2024-0093 [MEDIUM] CWE-200 CVE-2024-0093: NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.

CVE-2024-0086 [MEDIUM] CWE-476 CVE-2024-0086: NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL po NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.

CVE-2023-25515 [HIGH] CWE-822 CVE-2023-25515: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrust NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

CVE-2022-42260 [HIGH] CWE-281 CVE-2022-42260: NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, w NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

CVE-2022-34677 [MEDIUM] CWE-125 CVE-2022-34677: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.

CVE-2022-42263 [HIGH] CWE-190 CVE-2022-42263: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.

CVE-2022-42256 [MEDIUM] CWE-190 CVE-2022-42256: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering.

CVE-2022-34684 [MEDIUM] CWE-125 CVE-2022-34684: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure.

CVE-2022-42254 [MEDIUM] CWE-125 CVE-2022-42254: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.

CVE-2022-42258 [MEDIUM] CWE-190 CVE-2022-42258: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.

CVE-2022-34670 [HIGH] CWE-197 CVE-2022-34670: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.

CVE-2022-42261 [HIGH] CWE-120 CVE-2022-42261: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an inp NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.

CVE-2022-34669 [HIGH] CWE-73 CVE-2022-34669: NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unpr NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

CVE-2022-42262 [HIGH] CWE-787 CVE-2022-42262: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an inp NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.