NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
References
Link | Resource |
---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory |
https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
19 Oct 2023, 01:33
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202310-02 - Third Party Advisory |
03 Oct 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jan 2023, 20:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5415 - Vendor Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:* cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:* cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:* cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:* cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:* cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:* cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:* cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:* cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:* |
|
CWE | CWE-120 | |
First Time |
Citrix hypervisor
Nvidia rtx Linux linux Kernel Vmware Nvidia virtual Gpu Vmware vsphere Nvidia geforce Nvidia Nvidia cloud Gaming Redhat Citrix Linux Nvidia nvs Nvidia quadro Nvidia tesla Nvidia gpu Display Driver Redhat enterprise Linux Kernel-based Virtual Machine |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
30 Dec 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-30 23:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-42261
Mitre link : CVE-2022-42261
CVE.ORG link : CVE-2022-42261
JSON object : View
Products Affected
nvidia
- cloud_gaming
- tesla
- nvs
- quadro
- gpu_display_driver
- virtual_gpu
- rtx
- geforce
citrix
- hypervisor
vmware
- vsphere
linux
- linux_kernel
redhat
- enterprise_linux_kernel-based_virtual_machine
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')