CVE-2024-0085

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
OR cpe:2.3:a:vmware:vsphere:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*
cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*

History

15 Aug 2024, 22:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.3
v2 : unknown
v3 : 7.8
First Time Redhat enterprise Linux Kernel-based Virtual Machine
Citrix
Redhat
Canonical ubuntu Linux
Vmware
Canonical
Microsoft
Citrix hypervisor
Nvidia cloud Gaming
Nvidia virtual Gpu
Nvidia
Vmware vsphere
Microsoft azure Stack Hci
CWE NVD-CWE-Other
CPE cpe:2.3:a:vmware:vsphere:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*
cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*
cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5551 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5551 - Vendor Advisory

17 Jun 2024, 12:43

Type Values Removed Values Added
Summary
  • (es) El software NVIDIA vGPU para Windows y Linux contiene una vulnerabilidad por la que usuarios sin privilegios podrían ejecutar operaciones privilegiadas en el host. Una explotación exitosa de esta vulnerabilidad podría provocar manipulación de datos, escalada de privilegios y denegación de servicio.

13 Jun 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-13 22:15

Updated : 2024-08-15 22:03


NVD link : CVE-2024-0085

Mitre link : CVE-2024-0085

CVE.ORG link : CVE-2024-0085


JSON object : View

Products Affected

microsoft

  • azure_stack_hci

redhat

  • enterprise_linux_kernel-based_virtual_machine

canonical

  • ubuntu_linux

nvidia

  • virtual_gpu
  • cloud_gaming

vmware

  • vsphere

citrix

  • hypervisor
CWE
NVD-CWE-Other CWE-266

Incorrect Privilege Assignment