CVE-2023-25517 - OpenCVE

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Hypervisor
Nvidia	Gpu Display Driver
Redhat	Enterprise Linux Kernel-based Virtual Machine
Vmware	Vsphere

Configuration 1 [-]

AND

OR	cpe:2.3:a:nvidia:gpu_display_driver::::::::
	cpe:2.3:a:nvidia:gpu_display_driver::::::::
	cpe:2.3:a:nvidia:gpu_display_driver::::::::

OR	cpe:2.3:o:citrix:hypervisor:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::*
	cpe:2.3:o:vmware:vsphere:-:::::::*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5468

History

No history.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2023-07-03T23:27:05.649Z

Updated: 2024-08-02T11:25:19.070Z

Reserved: 2023-02-07T02:57:17.084Z

Link: CVE-2023-25517

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-04T00:15:09.653

Modified: 2023-07-12T19:13:44.783

Link: CVE-2023-25517

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25517", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-02-07T02:57:17.084Z", "datePublished": "2023-07-03T23:27:05.649Z", "dateUpdated": "2024-08-02T11:25:19.070Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "vGPU software", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.</span>\n\n"}], "value": "\nNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.\n\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Information disclosure and data tampering"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-07-03T23:27:05.649Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.070Z"}, "title": "CVE Program Container", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1DC70BA-BE3C-4BCA-B24D-FC3CF0E35075", "versionEndExcluding": "11.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9267A801-34DE-497D-AD10-5C65DE068955", "versionEndExcluding": "13.8", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DCEAAB2-61CF-44E2-B251-732F43E980DF", "versionEndExcluding": "15.3", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false}, {"criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.\n\n"}], "id": "CVE-2023-25517", "lastModified": "2023-07-12T19:13:44.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2023-07-04T00:15:09.653", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}