CVE-2023-25517

Summary

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIAvGPU softwareAll versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 releaseaffected

Weaknesses

  • CWE-285: CWE-285

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References