CVE-2024-0085 - OpenCVE

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Citrix	Hypervisor
Microsoft	Azure Stack Hci
Nvidia	Cloud Gaming Virtual Gpu
Redhat	Enterprise Linux Kernel-based Virtual Machine
Vmware	Vsphere

Configuration 1 [-]

AND

OR	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::

OR	cpe:2.3:a:vmware:vsphere:-:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:-:::::::*
	cpe:2.3:o:citrix:hypervisor:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::*
	cpe:2.3:o:vmware:vsphere:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5551

History

Thu, 15 Aug 2024 22:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Canonical Canonical ubuntu Linux Citrix Citrix hypervisor Microsoft Microsoft azure Stack Hci Nvidia Nvidia cloud Gaming Nvidia virtual Gpu Redhat Redhat enterprise Linux Kernel-based Virtual Machine Vmware Vmware vsphere
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:microsoft:azure_stack_hci:-:::::::* cpe:2.3:a:nvidia:cloud_gaming:::::::: cpe:2.3:a:nvidia:virtual_gpu:::::::: cpe:2.3:a:vmware:vsphere:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:-:::::::* cpe:2.3:o:citrix:hypervisor:-:::::::* cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::* cpe:2.3:o:vmware:vsphere:-:::::::*
Vendors & Products		Canonical Canonical ubuntu Linux Citrix Citrix hypervisor Microsoft Microsoft azure Stack Hci Nvidia Nvidia cloud Gaming Nvidia virtual Gpu Redhat Redhat enterprise Linux Kernel-based Virtual Machine Vmware Vmware vsphere

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2024-06-13T21:23:31.505Z

Updated: 2024-08-19T17:00:44.334Z

Reserved: 2023-12-02T00:41:56.027Z

Link: CVE-2024-0085

Vulnrichment

Updated: 2024-08-01T17:41:15.760Z

NVD

Status : Analyzed

Published: 2024-06-13T22:15:11.483

Modified: 2024-08-15T22:03:21.767

Link: CVE-2024-0085

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object