Permissions, Privileges, and Access Controls in NVIDIA vGPU software (Virtual GPU Manager) Driver - CVE-2023-25517
Published: June 26, 2023
Vulnerability identifier: #VU77707
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-25517
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
NVIDIA vGPU software (Virtual GPU Manager) Driver
NVIDIA vGPU software (Virtual GPU Manager) Driver
Detailed vulnerability description
The vulnerability allows an attacker on the guest OS to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions. An attacker on the guest OS can gain access to sensitive information or tamper data.
How to mitigate CVE-2023-25517
Install updates from vendor's website.