What is the severity of CVE-2024-0085?

CVE-2024-0085 is considered a high severity vulnerability that can lead to data tampering and privilege escalation.

How do I fix CVE-2024-0085?

To fix CVE-2024-0085, you should update NVIDIA vGPU software to the latest version available that addresses this vulnerability.

What can be exploited in CVE-2024-0085?

CVE-2024-0085 allows unprivileged users to execute privileged operations on the host, leading to potential data tampering and denial of service.

Which versions of NVIDIA vGPU software are affected by CVE-2024-0085?

CVE-2024-0085 affects NVIDIA vGPU software versions up to 13.11 and between 14.0 to 17.2.

Is there a risk of denial of service with CVE-2024-0085?

Yes, the exploitation of CVE-2024-0085 can result in denial of service conditions.

Vulnerability/
CVE-2024-0085

high

7.8

CWE

266

13/6/2024

19/8/2024

CVE-2024-0085: CVE

First published: Thu Jun 13 2024(Updated: )

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.

Credit: psirt@nvidia.com

Affected Software	Affected Version	How to fix
All of
Any of
NVIDIA vGPU Software	<13.11
NVIDIA vGPU Software	>=14.0<16.6
NVIDIA vGPU Software	>=17.0<17.2
Any of
VMware vSphere
Ubuntu
Citrix Hypervisor
Red Hat Enterprise Linux Kernel-based Virtual Machine
All of
NVIDIA Cloud Gaming	<555.52.04
Any of
Red Hat Enterprise Linux Kernel-based Virtual Machine
VMware vSphere
All of
NVIDIA vGPU Software	<17.2
Microsoft Azure Stack HCI

Never miss a vulnerability like this again

Reference Links

https://nvidia.custhelp.com/app/answers/detail/a_id/5551

Frequently Asked Questions

What is the severity of CVE-2024-0085?
CVE-2024-0085 is considered a high severity vulnerability that can lead to data tampering and privilege escalation.
How do I fix CVE-2024-0085?
To fix CVE-2024-0085, you should update NVIDIA vGPU software to the latest version available that addresses this vulnerability.
What can be exploited in CVE-2024-0085?
CVE-2024-0085 allows unprivileged users to execute privileged operations on the host, leading to potential data tampering and denial of service.
Which versions of NVIDIA vGPU software are affected by CVE-2024-0085?
CVE-2024-0085 affects NVIDIA vGPU software versions up to 13.11 and between 14.0 to 17.2.
Is there a risk of denial of service with CVE-2024-0085?
Yes, the exploitation of CVE-2024-0085 can result in denial of service conditions.

agent/references
agent/weakness
agent/title
agent/first-publish-date
agent/type
agent/description
agent/author
agent/event
agent/severity
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/nvidia
canonical/nvidia vgpu software
version/nvidia vgpu software/14.0
version/nvidia vgpu software/17.0
vendor/vmware
canonical/vmware vsphere
vendor/canonical
canonical/ubuntu
vendor/citrix
canonical/citrix hypervisor
vendor/redhat
canonical/red hat enterprise linux kernel-based virtual machine
canonical/nvidia cloud gaming
vendor/microsoft
canonical/microsoft azure stack hci

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.