CVE-2024-0085

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0085

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

N

VIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5551 Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5551 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
OR cpe:2.3:a:vmware:vsphere:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*
cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8 		v2 : unknown
v3 : 6.3
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5551 - Vendor Advisory () https://nvidia.custhelp.com/app/answers/detail/a_id/5551 - Vendor Advisory

15 Aug 2024, 22:03

Type Values Removed Values Added
CPE cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*
cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vsphere:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 6.3 		v2 : unknown
v3 : 7.8
First Time Vmware vsphere
Citrix
Microsoft azure Stack Hci
Nvidia
Nvidia virtual Gpu
Canonical ubuntu Linux
Redhat enterprise Linux Kernel-based Virtual Machine
Redhat
Nvidia cloud Gaming
Canonical
Citrix hypervisor
Microsoft
Vmware
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5551 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5551 - Vendor Advisory
CWE NVD-CWE-Other

17 Jun 2024, 12:43

Type Values Removed Values Added
Summary
  • (es) El software NVIDIA vGPU para Windows y Linux contiene una vulnerabilidad por la que usuarios sin privilegios podrían ejecutar operaciones privilegiadas en el host. Una explotación exitosa de esta vulnerabilidad podría provocar manipulación de datos, escalada de privilegios y denegación de servicio.

13 Jun 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-13 22:15

Updated : 2024-11-21 08:45

NVD link : CVE-2024-0085

Mitre link : CVE-2024-0085

CVE.ORG link : CVE-2024-0085

JSON object : View

Products Affected

redhat

nvidia

vmware

citrix

canonical

microsoft

CWE
CWE-266

Incorrect Privilege Assignment

NVD-CWE-Other