Detections
Analytics

NVIDIA Virtual GPU Manager Multiple Vulnerabilities (October 2023)

high Nessus Plugin ID 185434

Language:

Synopsis

A GPU virtualization application installed on the remote host is affected by multiple vulnerabilities.

Description

The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following:

 - NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. (CVE‑2023‑31018)

 - NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service. (CVE‑2023‑31021)

 - NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges. (CVE-2023-31027) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the NVIDIA vGPU Manager software in accordance with the vendor advisory.

See Also

http://www.nessus.org/u?da28f73d

Plugin Details

Severity: High

ID: 185434

File Name: nvidia_vgpu_2023_10.nasl

Version: 1.7

Type: local

Family: Misc.

Published: 11/9/2023

Updated: 3/8/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-31016

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2023-31017

Vulnerability Information

CPE: cpe:/a:nvidia:virtual_gpu_manager

Required KB Items: installed_sw/NVIDIA Virtual GPU Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 11/1/2023

Vulnerability Publication Date: 11/1/2023

Reference Information

CVE: CVE-2023-31016, CVE-2023-31017, CVE-2023-31018, CVE-2023-31019, CVE-2023-31020, CVE-2023-31021, CVE-2023-31022, CVE-2023-31023, CVE-2023-31026, CVE-2023-31027

IAVA: 2023-A-0603-S