CVE-2022-31609 - OpenCVE

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Nvidia	Virtual Gpu

Configuration 1 [-]

OR	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu:14.0:::::::*
	cpe:2.3:a:nvidia:virtual_gpu:14.1:::::::*

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5383	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nvidia

Published: 2022-08-05T20:30:19

Updated: 2022-08-05T20:30:19

Reserved: 2022-05-24T00:00:00

Link: CVE-2022-31609

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-05T21:15:08.813

Modified: 2023-07-24T13:07:41.953

Link: CVE-2022-31609

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9)."}]}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-05T20:30:19", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-31609", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming", "version": {"version_data": [{"version_value": "vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9)."}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure."}]}, "impact": {"cvss": {"baseScore": 7.8, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"}]}}}}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31609", "datePublished": "2022-08-05T20:30:19", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2022-08-05T20:30:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3C0C0B2-C4DC-4DB8-BD80-D6082FD1248B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure."}, {"lang": "es", "value": "El software NVIDIA vGPU contiene una vulnerabilidad en el Virtual GPU Manager (vGPU plugin), donde permite que la VM invitada asigne recursos para los que el invitado no est\u00e1 autorizado. Esta vulnerabilidad puede conllevar a una p\u00e9rdida de integridad y confidencialidad de los datos, una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n"}], "id": "CVE-2022-31609", "lastModified": "2023-07-24T13:07:41.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Primary"}]}, "published": "2022-08-05T21:15:08.813", "references": [{"source": "psirt@nvidia.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}