CVE-2024-0093

2024-06-1322:15:12

CWE-200

[email protected]

web.nvd.nist.gov

nvidia gpu linux vulnerability

information exposure

unauthorized access

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.

Affected configurations

Nvd

Node

nvidiavirtual_gpuRange<13.11

nvidiavirtual_gpuRange14.0–16.6

nvidiavirtual_gpuRange17.0–17.2

AND

canonicalubuntu_linuxMatch-

citrixhypervisorMatch-

redhatenterprise_linux_kernel-based_virtual_machineMatch-

vmwarevsphereMatch-

Node

nvidiacloud_gamingRange<555.52.04

AND

redhatenterprise_linux_kernel-based_virtual_machineMatch-

vmwarevsphereMatch-

VendorProductVersionCPE
nvidiavirtual_gpu*cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
canonicalubuntu_linux-cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*
citrixhypervisor-cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*
redhatenterprise_linux_kernel-based_virtual_machine-cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*
vmwarevsphere-cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*
nvidiacloud_gaming*cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nvidia	virtual_gpu	*	cpe:2.3:a:nvidia:virtual_gpu::::::::
canonical	ubuntu_linux	-	cpe:2.3:o:canonical:ubuntu_linux:-:::::::*
citrix	hypervisor	-	cpe:2.3:o:citrix:hypervisor:-:::::::*
redhat	enterprise_linux_kernel-based_virtual_machine	-	cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::*
vmware	vsphere	-	cpe:2.3:o:vmware:vsphere:-:::::::*
nvidia	cloud_gaming	*	cpe:2.3:a:nvidia:cloud_gaming::::::::