Description
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.
In plain language
AI Worth attentionCVE-2024-0084 is a security weakness in NVIDIA vGPU software for Linux’s Virtual GPU Manager that could let code inside a guest machine do harmful privileged actions; typical small businesses should worry mainly if they run cloud gaming or virtual GPU workloads on NVIDIA vGPU.
CVE-2024-0084 is a privilege-escalation class issue in NVIDIA vGPU software for Linux (Virtual GPU Manager) where guest OS code could execute privileged operations, potentially leading to information disclosure, data tampering, privilege escalation, or denial of service; it’s not known to be actively exploited in the CISA KEV list.
What to do now
- Check which NVIDIA vGPU software for Linux version you are running and whether you use the Virtual GPU Manager for virtual GPU / cloud gaming.
- If you are affected, plan an update to the fixed releases: virtual gpu (fixed in 13.11) and cloud gaming (fixed in 555.52.04).
- If you cannot patch immediately, restrict access to the guest environment and reduce who/what can run code inside those guest systems, then schedule the upgrade as soon as possible.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2024-0084 and every CVE in our database. Create a free account — no credit card required.
Create Free Account