CVE-2022-31614

Published: Aug 5, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.

Affected (4)

Products: Nvidia: Virtual Gpu

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Nvidia Virtual Gpu	From 11.0 to 11.8
Nvidia Virtual Gpu	From 13.0 to 13.3
Nvidia Virtual Gpu	Version 14.0
Nvidia Virtual Gpu	Version 14.1

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5383

Source: psirt@nvidia.com

PatchVendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5383

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.