CVE-2024-0077

Name of the Vulnerable Software and Affected Versions: NVIDIA Virtual GPU Manager (affected versions not specified) NVIDIA GPU Display Driver (affected versions not specified)

Description: The issue is related to a vulnerability in the vGPU plugin of the NVIDIA Virtual GPU Manager, which allows a guest OS to allocate resources for which it is not authorized. This can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Additionally, there is a vulnerability associated with a null pointer dereference in the NVIDIA GPU Display Driver, which can cause a denial of service, escalate privileges, and disclose protected information.

Recommendations: For NVIDIA Virtual GPU Manager, consider restricting the allocation of resources to authorized guest OS instances until a patch is available. For NVIDIA GPU Display Driver, as a temporary workaround, consider disabling the functionality related to the null pointer dereference until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.