CVE-2023-0197 - OpenCVE

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Hypervisor
Nvidia	Virtual Gpu
Redhat	Enterprise Linux Kernel-based Virtual Machine
Vmware	Vsphere

Configuration 1 [-]

AND

OR	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::

OR	cpe:2.3:o:citrix:hypervisor:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::*
	cpe:2.3:o:vmware:vsphere:-:::::::*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5452

History

No history.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2023-04-01T04:55:48.959Z

Updated: 2024-08-02T05:02:44.071Z

Reserved: 2023-01-11T05:48:49.973Z

Link: CVE-2023-0197

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-04-01T05:15:08.503

Modified: 2023-04-10T14:04:18.707

Link: CVE-2023-0197

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0197", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-01-11T05:48:49.973Z", "datePublished": "2023-04-01T04:55:48.959Z", "dateUpdated": "2024-08-02T05:02:44.071Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service."}], "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-04-01T04:55:48.959Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.071Z"}, "title": "CVE Program Container", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "81A64668-3B60-402B-B0EF-919079700FB9", "versionEndExcluding": "11.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "65AFFB06-AC6E-426A-97D0-768F34853D6A", "versionEndExcluding": "13.7", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "41388772-0B7C-4238-8021-590D0F1C0CE8", "versionEndExcluding": "15.2", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false}, {"criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service."}], "id": "CVE-2023-0197", "lastModified": "2023-04-10T14:04:18.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2023-04-01T05:15:08.503", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}