CVE-2024-0099 - OpenCVE

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5551

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nvidia

Published: 2024-06-13T21:23:30.685Z

Updated: 2024-06-17T13:17:13.597Z

Reserved: 2023-12-02T00:42:08.837Z

Link: CVE-2024-0099

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-06-13T22:15:13.573

Modified: 2024-06-17T12:43:31.090

Link: CVE-2024-0099

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0099", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-12-02T00:42:08.837Z", "datePublished": "2024-06-13T21:23:30.685Z", "dateUpdated": "2024-06-17T13:17:13.597Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "vGPU software and Cloud Gaming", "vendor": "nvidia", "versions": [{"status": "affected", "version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service."}], "value": "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Information disclosure, data tampering, escalation of privileges, denial of service"}]}], "metrics": [{"cvssV3_1": {"baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2024-06-13T21:23:30.685Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE"}, "adp": [{"affected": [{"vendor": "nvidia", "product": "geforce", "cpes": ["cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "555.52.04", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "550.90.07", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "535.183.01", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "470.256.02", "versionType": "custom"}]}, {"vendor": "nvidia", "product": "tesla", "cpes": ["cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "550.90.07", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "535.183.01", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "470.256.02", "versionType": "custom"}]}, {"vendor": "nvidia", "product": "quadro", "cpes": ["cpe:2.3:h:nvidia:quadro:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "555.52.04", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "550.90.07", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "535.183.01", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "470.256.02", "versionType": "custom"}]}, {"vendor": "nvidia", "product": "rtx", "cpes": ["cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "555.52.04", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "550.90.07", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "535.183.01", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "470.256.02", "versionType": "custom"}]}, {"vendor": "nvidia", "product": "nvs", "cpes": ["cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "555.52.04", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "550.90.07", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "535.183.01", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "470.256.02", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-15T03:55:37.498303Z", "id": "CVE-2024-0099", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T13:17:13.597Z"}}]}}