Main Vulnerability Database SB2023062641

SB2023062641 - Multiple vulnerabilities in NVIDIA vGPU software

Published: June 26, 2023

Security Bulletin ID SB2023062641

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2023-25516)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to integer overflow. A local user can trigger an integer overflow and gain access to sensitive information or crash the kernel.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-25517)

The vulnerability allows an attacker on the guest OS to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions. An attacker on the guest OS can gain access to sensitive information or tamper data.

Remediation

Install update from vendor's website.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5468