{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31021", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-04-22T02:38:27.190Z", "datePublished": "2023-11-02T18:56:21.642Z", "dateUpdated": "2024-09-05T14:35:22.243Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "vGPU driver and Cloud gaming driver", "vendor": "nvidia", "versions": [{"status": "affected", "version": "All versions prior to and including 13.8, 15.3, 16.1 and all versions prior to and including September 2023 release"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service."}], "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "metrics": [{"cvssV3_1": {"baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-11-02T18:56:21.642Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.684Z"}, "title": "CVE Program Container", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T14:25:13.496871Z", "id": "CVE-2023-31021", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T14:35:22.243Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.684Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-31021", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-05T14:25:13.496871Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T14:35:14.958Z"}}], "cna": {"title": "CVE", "source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "nvidia", "product": "vGPU driver and Cloud gaming driver", "versions": [{"status": "affected", "version": "All versions prior to and including 13.8, 15.3, 16.1 and all versions prior to and including September 2023 release"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491"}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-11-02T18:56:21.642Z"}}}, "cveMetadata": {"cveId": "CVE-2023-31021", "state": "PUBLISHED", "dateUpdated": "2024-09-05T14:35:22.243Z", "dateReserved": "2023-04-22T02:38:27.190Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2023-11-02T18:56:21.642Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A173FE3C-139F-4100-9CE2-20B72DE4B345", "versionEndExcluding": "13.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98A00760-DA5C-4590-B7D0-95BA75AD06B1", "versionEndExcluding": "15.4", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF0CB34E-DA9B-436E-B710-0D71E8B31B7E", "versionEndExcluding": "16.2", "versionStartIncluding": "16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CF31A34-9492-498F-8A78-F233C0075CB2", "vulnerable": false}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C", "vulnerable": false}, {"criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux-kvm:kernel_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D515B61-E580-491D-83F4-D42768DB1B85", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F7347E2-C2A4-4230-A1BC-F6FE93943D4F", "vulnerable": false}, {"criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service."}, {"lang": "es", "value": "NVIDIA vGPU Software para Windows y Linux contiene una vulnerabilidad en Virtual GPU Manager (plugin vGPU), donde un usuario malintencionado en la VM invitada puede provocar una desreferencia del puntero NULL, lo que puede provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2023-31021", "lastModified": "2024-11-21T08:01:15.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-02T19:15:41.313", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "psirt@nvidia.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}