7.1

CVE-2023-0185

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.

Data is provided by the National Vulnerability Database (NVD)
NvidiaVirtual Gpu Version < 11.12
   CitrixHypervisor Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Version >= 13.0 < 13.7
   CitrixHypervisor Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Version >= 15.0 < 15.2
   CitrixHypervisor Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.07
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
psirt@nvidia.com 6.7 0.8 5.3
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
CWE-196 Unsigned to Signed Conversion Error

The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.

CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.