Vulnerability-Lookup

CVE-2023-0181 (GCVE-0-2023-0181)

Vulnerability from cvelistv5 – Published: 2023-04-01 04:30 – Updated: 2025-02-13 16:38

Summary

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-280 - Improper Handling of Insufficient Permissions or Privileges

Assigner

nvidia

References

2 references

URL	Tags
https://nvidia.custhelp.com/app/answers/detail/a_…
https://security.gentoo.org/glsa/202310-02

Impacted products

1 product

Vendor	Product	Version
NVIDIA	vGPU software (guest driver - Windows), vGPU software (guest driver - Linux), vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Linux), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)	Affected: All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:44.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T16:42:50.425207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T16:42:58.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vGPU software (guest driver - Windows), vGPU software (guest driver - Linux), vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Linux), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering."
            }
          ],
          "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Tampering, Denial of Service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-03T14:07:16.827Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
        },
        {
          "url": "https://security.gentoo.org/glsa/202310-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2023-0181",
    "datePublished": "2023-04-01T04:30:27.930Z",
    "dateReserved": "2023-01-11T05:48:39.438Z",
    "dateUpdated": "2025-02-13T16:38:44.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-0181",
      "date": "2026-05-27",
      "epss": "0.0005",
      "percentile": "0.15892"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.12\", \"matchCriteriaId\": \"81A64668-3B60-402B-B0EF-919079700FB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.7\", \"matchCriteriaId\": \"65AFFB06-AC6E-426A-97D0-768F34853D6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0\", \"versionEndExcluding\": \"15.2\", \"matchCriteriaId\": \"41388772-0B7C-4238-8021-590D0F1C0CE8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7AE5C32-E060-44BA-8C13-3D73204191EE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06C8B1C5-6401-45F9-8D3E-47E32067F428\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E4A22C5-B3E1-4106-997C-D1C845F2C1EE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.\"}]",
      "id": "CVE-2023-0181",
      "lastModified": "2024-11-21T07:36:41.983",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@nvidia.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}]}",
      "published": "2023-04-01T05:15:07.713",
      "references": "[{\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5452\", \"source\": \"psirt@nvidia.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-02\", \"source\": \"psirt@nvidia.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5452\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "psirt@nvidia.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@nvidia.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-280\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-0181\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2023-04-01T05:15:07.713\",\"lastModified\":\"2024-11-21T07:36:41.983\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-280\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.12\",\"matchCriteriaId\":\"81A64668-3B60-402B-B0EF-919079700FB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.7\",\"matchCriteriaId\":\"65AFFB06-AC6E-426A-97D0-768F34853D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"41388772-0B7C-4238-8021-590D0F1C0CE8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AE5C32-E060-44BA-8C13-3D73204191EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06C8B1C5-6401-45F9-8D3E-47E32067F428\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E4A22C5-B3E1-4106-997C-D1C845F2C1EE\"}]}]}],\"references\":[{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5452\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202310-02\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202310-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5452\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-02\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:02:44.096Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0181\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-11T16:42:50.425207Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-11T16:42:42.924Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Data Tampering, Denial of Service\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NVIDIA\", \"product\": \"vGPU software (guest driver - Windows), vGPU software (guest driver - Linux), vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Linux), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5452\"}, {\"url\": \"https://security.gentoo.org/glsa/202310-02\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.\", \"base64\": true}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-280\", \"description\": \"CWE-280: Improper Handling of Insufficient Permissions or Privileges\"}]}], \"providerMetadata\": {\"orgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"shortName\": \"nvidia\", \"dateUpdated\": \"2023-04-01T04:30:27.930Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-0181\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-11T16:42:58.467Z\", \"dateReserved\": \"2023-01-11T05:48:39.438Z\", \"assignerOrgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"datePublished\": \"2023-04-01T04:30:27.930Z\", \"assignerShortName\": \"nvidia\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2023-01887

Vulnerability from fstec - Published: 30.03.2023

Title

Уязвимость режима ядра микропрограммного обеспечения графических процессоров NVIDIA GeForce, Studio, RTX/Quadro, NVS и Tesla, позволяющая нарушителю проводить спуфинг-атаки или вызвать отказ в обслуживании

Description

Уязвимость режима ядра микропрограммного обеспечения графических процессоров NVIDIA GeForce, Studio, RTX/Quadro, NVS и Tesla связана с некорректной обработкой недостаточных разрешений или привилегий. Эксплуатация уязвимости может позволить нарушителю проводить спуфинг-атаки или вызвать отказ в обслуживании

Severity


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Vendor

NVIDIA Corp.

Software Name

GeForce R530, Studio R530, Studio R525, NVIDIA RTX/Quadro R530, NVIDIA RTX/Quadro R525, NVIDIA RTX/Quadro R515, NVIDIA RTX/Quadro R470, NVS R530, NVS R525, NVS R515, NVS R470, Tesla R525, Tesla R515, Tesla R470, vGPU, Cloud Gaming Guest Driver, Cloud Gaming Virtual GPU Manager

Software Version

до 531.41 (GeForce R530), до 531.41 (Studio R530), до 528.89 (Studio R525), до 531.41 (NVIDIA RTX/Quadro R530), до 528.89 (NVIDIA RTX/Quadro R525), до 518.03 (NVIDIA RTX/Quadro R515), до 474.30 (NVIDIA RTX/Quadro R470), до 531.41 (NVS R530), до 528.89 (NVS R525), до 518.03 (NVS R515), до 474.30 (NVS R470), до 528.89 (Tesla R525), до 518.03 (Tesla R515), до 474.30 (Tesla R470), от 15.0 до 15.2 (vGPU), от 13.0 до 13.6 включительно (vGPU), до 528.49 (Cloud Gaming Guest Driver), до 525.89.02 (Cloud Gaming Guest Driver), до 525.89.02 (Cloud Gaming Virtual GPU Manager)

Possible Mitigations

Использование рекомендаций: https://nvidia.custhelp.com/app/answers/detail/a_id/5452

Reference

https://nvidia.custhelp.com/app/answers/detail/a_id/5452

CWE

CWE-280

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "NVIDIA Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 531.41 (GeForce R530), \u0434\u043e 531.41 (Studio R530), \u0434\u043e 528.89 (Studio R525), \u0434\u043e 531.41 (NVIDIA RTX/Quadro R530), \u0434\u043e 528.89 (NVIDIA RTX/Quadro R525), \u0434\u043e 518.03 (NVIDIA RTX/Quadro R515), \u0434\u043e 474.30 (NVIDIA RTX/Quadro R470), \u0434\u043e 531.41 (NVS R530), \u0434\u043e 528.89 (NVS R525), \u0434\u043e 518.03 (NVS R515), \u0434\u043e 474.30 (NVS R470), \u0434\u043e 528.89 (Tesla R525), \u0434\u043e 518.03 (Tesla R515), \u0434\u043e 474.30 (Tesla R470), \u043e\u0442 15.0 \u0434\u043e 15.2 (vGPU), \u043e\u0442 13.0 \u0434\u043e 13.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (vGPU), \u0434\u043e 528.49 (Cloud Gaming Guest Driver), \u0434\u043e 525.89.02 (Cloud Gaming Guest Driver), \u0434\u043e 525.89.02 (Cloud Gaming Virtual GPU Manager)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5452",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.03.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.04.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.04.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01887",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-0181",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "GeForce R530, Studio R530, Studio R525, NVIDIA RTX/Quadro R530, NVIDIA RTX/Quadro R525, NVIDIA RTX/Quadro R515, NVIDIA RTX/Quadro R470, NVS R530, NVS R525, NVS R515, NVS R470, Tesla R525, Tesla R515, Tesla R470, vGPU, Cloud Gaming Guest Driver, Cloud Gaming Virtual GPU Manager",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0436\u0438\u043c\u0430 \u044f\u0434\u0440\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 NVIDIA GeForce, Studio, RTX/Quadro, NVS \u0438 Tesla, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0438\u043b\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (CWE-280)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0436\u0438\u043c\u0430 \u044f\u0434\u0440\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 NVIDIA GeForce, Studio, RTX/Quadro, NVS \u0438 Tesla \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0438\u043b\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-280",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}

FKIE_CVE-2023-0181

Vulnerability from fkie_nvd - Published: 2023-04-01 05:15 - Updated: 2024-11-21 07:36

Severity

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

References

URL	Tags
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/5452	Vendor Advisory
psirt@nvidia.com	https://security.gentoo.org/glsa/202310-02	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://nvidia.custhelp.com/app/answers/detail/a_id/5452	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202310-02	Third Party Advisory

Impacted products

Vendor	Product	Version
nvidia	virtual_gpu	*
nvidia	virtual_gpu	*
nvidia	virtual_gpu	*
citrix	hypervisor	-
linux	linux_kernel	-
microsoft	windows	-
redhat	enterprise_linux_kernel-based_virtual_machine	-
vmware	vsphere	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A64668-3B60-402B-B0EF-919079700FB9",
              "versionEndExcluding": "11.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65AFFB06-AC6E-426A-97D0-768F34853D6A",
              "versionEndExcluding": "13.7",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41388772-0B7C-4238-8021-590D0F1C0CE8",
              "versionEndExcluding": "15.2",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering."
    }
  ],
  "id": "CVE-2023-0181",
  "lastModified": "2024-11-21T07:36:41.983",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "psirt@nvidia.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-01T05:15:07.713",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
    },
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202310-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202310-02"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-280"
        }
      ],
      "source": "psirt@nvidia.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2QWV-XP73-79CX

Vulnerability from github – Published: 2023-04-01 06:31 – Updated: 2023-04-10 18:30

Details

Severity

7.1 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-0181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-01T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.",
  "id": "GHSA-2qwv-xp73-79cx",
  "modified": "2023-04-10T18:30:22Z",
  "published": "2023-04-01T06:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0181"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-0181

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-0181

Aliases

CVE-2023-0181

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-0181",
    "id": "GSD-2023-0181"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-0181"
      ],
      "details": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.",
      "id": "GSD-2023-0181",
      "modified": "2023-12-13T01:20:23.182615Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@nvidia.com",
        "ID": "CVE-2023-0181",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "vGPU software (guest driver - Windows), vGPU software (guest driver - Linux), vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Linux), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NVIDIA"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-280",
                "lang": "eng",
                "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452",
            "refsource": "MISC",
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
          },
          {
            "name": "https://security.gentoo.org/glsa/202310-02",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/202310-02"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.12",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.7",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "15.2",
                    "versionStartIncluding": "15.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2023-0181"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
            },
            {
              "name": "https://security.gentoo.org/glsa/202310-02",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-02"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2023-10-19T01:27Z",
      "publishedDate": "2023-04-01T05:15Z"
    }
  }
}

WID-SEC-W-2023-0810

Vulnerability from csaf_certbund - Published: 2023-03-30 22:00 - Updated: 2024-03-03 23:00

Summary

Nvidia Treiber: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: NVidia ist ein Hersteller von Grafikkarten.

Angriff: Ein Angreifer kann mehrere Schwachstellen im Nvidia Treiber ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien zu erweitern und Daten zu manipulieren.

Betroffene Betriebssysteme: - BIOS/Firmware

CVE-2023-0199

Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicherüberprüfungen, unzulässiger Lese-, Schreib- und Zugriffsvorgänge und unzulässiger Einschränkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erhöhte Rechte.

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0198

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0197

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0195

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0194

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0192

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0191

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0190

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0189

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0188

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0187

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0186

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0185

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0184

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0183

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0182

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0181

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

CVE-2023-0180

Affected products

Known affected 7 products

Product	Identifier	Version
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
HP Computer HP	`cpe:/h:hp:computer:-`	—
Nvidia Treiber Nvidia	`cpe:/a:nvidia:display_driver:-`	—
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7

References

9 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://nvidia.custhelp.com/app/answers/detail/a_…	external
https://www.dell.com/support/kbdoc/de-de/00021166…	external
https://support.lenovo.com/us/en/product_security…	external
https://support.hp.com/de-de/document/ish_8094806…	external
https://security.gentoo.org/glsa/202310-02	external
https://security.business.xerox.com/wp-content/up…	external
https://security.business.xerox.com/wp-content/up…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "NVidia ist ein Hersteller von Grafikkarten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Nvidia Treiber ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0810 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0810.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0810 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0810"
      },
      {
        "category": "external",
        "summary": "Security Bulletin: NVIDIA GPU Display Driver - March 2023 vom 2023-03-30",
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-092 vom 2023-04-01",
        "url": "https://www.dell.com/support/kbdoc/de-de/000211662/dsa-2023-092"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory: LEN-120653",
        "url": "https://support.lenovo.com/us/en/product_security/ps500558-nvidia-display-driver-advisory-march-2023"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF03843 vom 2023-05-09",
        "url": "https://support.hp.com/de-de/document/ish_8094806-8098850-16/HPSBHF03843"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202310-02 vom 2023-10-03",
        "url": "https://security.gentoo.org/glsa/202310-02"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-005 vom 2024-03-04",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-004 vom 2024-03-04",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
      }
    ],
    "source_lang": "en-US",
    "title": "Nvidia Treiber: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-03-03T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:47:38.917+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0810",
      "initial_release_date": "2023-03-30T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-03-30T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-04-02T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2023-04-11T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von LENOVO aufgenommen"
        },
        {
          "date": "2023-05-08T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2023-10-03T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-03-03T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von XEROX aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T006498",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP Computer",
            "product": {
              "name": "HP Computer",
              "product_id": "T023191",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T026557",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Nvidia Treiber",
            "product": {
              "name": "Nvidia Treiber",
              "product_id": "T000168",
              "product_identification_helper": {
                "cpe": "cpe:/a:nvidia:display_driver:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Nvidia"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v7",
                "product": {
                  "name": "Xerox FreeFlow Print Server v7",
                  "product_id": "T015631",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "v9",
                "product": {
                  "name": "Xerox FreeFlow Print Server v9",
                  "product_id": "T015632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-0199",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0199"
    },
    {
      "cve": "CVE-2023-0198",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0198"
    },
    {
      "cve": "CVE-2023-0197",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0197"
    },
    {
      "cve": "CVE-2023-0195",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0195"
    },
    {
      "cve": "CVE-2023-0194",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0194"
    },
    {
      "cve": "CVE-2023-0192",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0192"
    },
    {
      "cve": "CVE-2023-0191",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0191"
    },
    {
      "cve": "CVE-2023-0190",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0190"
    },
    {
      "cve": "CVE-2023-0189",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0189"
    },
    {
      "cve": "CVE-2023-0188",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0188"
    },
    {
      "cve": "CVE-2023-0187",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0187"
    },
    {
      "cve": "CVE-2023-0186",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0186"
    },
    {
      "cve": "CVE-2023-0185",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0185"
    },
    {
      "cve": "CVE-2023-0184",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0184"
    },
    {
      "cve": "CVE-2023-0183",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0183"
    },
    {
      "cve": "CVE-2023-0182",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0182"
    },
    {
      "cve": "CVE-2023-0181",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0181"
    },
    {
      "cve": "CVE-2023-0180",
      "notes": [
        {
          "category": "description",
          "text": "Im Nvidia Treiber existieren mehrere Schwachstellen. Die Fehler bestehen u.a. aufgrund fehlerhafter Speicher\u00fcberpr\u00fcfungen, unzul\u00e4ssiger Lese-, Schreib- und Zugriffsvorg\u00e4nge und unzul\u00e4ssiger Einschr\u00e4nkungen von Operationen. Ein lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T023191",
          "T000168",
          "T015632",
          "T026557",
          "T012167",
          "T015631"
        ]
      },
      "release_date": "2023-03-30T22:00:00.000+00:00",
      "title": "CVE-2023-0180"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-0181 (GCVE-0-2023-0181)

BDU:2023-01887

FKIE_CVE-2023-0181

GHSA-2QWV-XP73-79CX

GSD-2023-0181

WID-SEC-W-2023-0810

Tags

Sightings

Nomenclature