Permissions, Privileges, and Access Controls in NVIDIA vGPU software (Virtual GPU Manager) Driver - CVE-2023-25517

 

Permissions, Privileges, and Access Controls in NVIDIA vGPU software (Virtual GPU Manager) Driver - CVE-2023-25517

Published: June 26, 2023


Vulnerability identifier: #VU77707
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-25517
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
NVIDIA vGPU software (Virtual GPU Manager) Driver

Detailed vulnerability description

The vulnerability allows an attacker on the guest OS to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions. An attacker on the guest OS can gain access to sensitive information or tamper data.


How to mitigate CVE-2023-25517

Install updates from vendor's website.

Sources