Severity
High
Analysis Summary
CVE-2022-31609 CVSS:7.8
NVIDIA vGPU could allow a local authenticated attacker to bypass security restrictions, caused by allowing unauthorized guests to allocate resources in the Virtual GPU Manager (vGPU plugin). By sending a specially crafted request, an attacker could exploit this vulnerability to cause the loss of data integrity and confidentiality, denial of service, or information disclosure.
CVE-2022-31614 CVSS:7
NVIDIA vGPU could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the Virtual GPU Manager (vGPU plugin). By sending a specially crafted request, an attacker could exploit this vulnerability to cause a denial of service, code execution, and information disclosure.
CVE-2022-31618 CVSS:5.5
NVIDIA vGPU is vulnerable to a denial of service, caused by a NULL pointer dereference in the Virtual GPU Manager (vGPU plugin). By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Security bypass
- Code Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-31609
- CVE-2022-31614
- CVE-2022-31618
Affected Vendors
NVIDIA
Affected Products
NVIDIA vGPU software
Remediation
Refer to NVIDIA Security Advisory for patch, upgrade or suggested workaround information.
NVIDIA Security Advisory