7.8

CVE-2024-0084

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

Data is provided by the National Vulnerability Database (NVD)
NvidiaVirtual Gpu Version < 13.11
   CanonicalUbuntu Linux Version-
   CitrixHypervisor Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Version >= 14.0 < 16.6
   CanonicalUbuntu Linux Version-
   CitrixHypervisor Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Version >= 17.0 < 17.2
   CanonicalUbuntu Linux Version-
   CitrixHypervisor Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaCloud Gaming Version < 555.52.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.15% 0.356
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@nvidia.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.