CVE-2022-31609

Summary

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA Virtual GPU Software and NVIDIA Cloud GamingvGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9).affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References