CVE-2023-0197

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5452	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::

OR	cpe:2.3:o:citrix:hypervisor:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::*
	cpe:2.3:o:vmware:vsphere:-:::::::*

History

10 Apr 2023, 14:04

Type	Values Removed	Values Added
CPE		cpe:2.3:o:citrix:hypervisor:-:::::::* cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::* cpe:2.3:o:vmware:vsphere:-:::::::* cpe:2.3:a:nvidia:virtual_gpu::::::::
First Time		Vmware vsphere Redhat Citrix hypervisor Citrix Vmware Redhat enterprise Linux Kernel-based Virtual Machine Nvidia virtual Gpu Nvidia
CWE		CWE-476
References	~~(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5452 -~~	(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5452 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

Information

Published : 2023-04-01 05:15

Updated : 2023-04-10 14:04

NVD link : CVE-2023-0197

Mitre link : CVE-2023-0197

JSON object : View

Products Affected

nvidia

virtual_gpu

citrix

hypervisor

redhat

enterprise_linux_kernel-based_virtual_machine

vmware

vsphere

CWE

CWE-476

NULL Pointer Dereference

6.5 /10