Versions
vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9).
vGPU version 13.x (prior to 13.2), version 11.x (prior to 11.7) and version 8.x (prior 8.10).
vGPU version 14.x (prior to 14.1), version 13.x (prior to 13.3) and version 11.x (prior 11.8).
Recent CVEs
CVE-2022-31618
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service.
CVE-2022-31614
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.
CVE-2022-31609
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.
CVE-2022-28192
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges.