Lucene search

NvidiaCVE-2024-0093

HistoryJun 13, 2024 - 10:15 p.m.

CVE-2024-0093

2024-06-1322:15:12

CWE-200

nvidia

web.nvd.nist.gov

nvidia

gpu

software

vulnerability

sensitive information

linux

exploit

information disclosure

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

JSON

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.

Affected configurations

Nvd

Node

nvidiavirtual_gpuRange<13.11

nvidiavirtual_gpuRange14.0–16.6

nvidiavirtual_gpuRange17.0–17.2

AND

canonicalubuntu_linuxMatch-

citrixhypervisorMatch-

redhatenterprise_linux_kernel-based_virtual_machineMatch-

vmwarevsphereMatch-

Node

nvidiacloud_gamingRange<555.52.04

AND

redhatenterprise_linux_kernel-based_virtual_machineMatch-

vmwarevsphereMatch-

VendorProductVersionCPE
nvidiavirtual_gpu*cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
canonicalubuntu_linux-cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*
citrixhypervisor-cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*
redhatenterprise_linux_kernel-based_virtual_machine-cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*
vmwarevsphere-cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*
nvidiacloud_gaming*cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nvidia	virtual_gpu	*	cpe:2.3:a:nvidia:virtual_gpu::::::::
canonical	ubuntu_linux	-	cpe:2.3:o:canonical:ubuntu_linux:-:::::::*
citrix	hypervisor	-	cpe:2.3:o:citrix:hypervisor:-:::::::*
redhat	enterprise_linux_kernel-based_virtual_machine	-	cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::*
vmware	vsphere	-	cpe:2.3:o:vmware:vsphere:-:::::::*
nvidia	cloud_gaming	*	cpe:2.3:a:nvidia:cloud_gaming::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "vGPU software and Cloud Gaming",
    "vendor": "nvidia",
    "versions": [
      {
        "status": "affected",
        "version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release"
      }
    ]
  }
]