CVE-2024-0128

Summary

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
NVIDIAvGPU and Cloud GamingAll versions prior to 17.4, 16.8, and the October 2024 releaseaffected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References