CVE-2024-0127 is a high-severity vulnerability affecting NVIDIA’s vGPU software, specifically in the GPU kernel driver of the vGPU Manager. It affects all supported hypervisors, allowing a user on the guest OS to exploit improper input validation, potentially compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Affected versions include all releases prior to version 17.4 and 16.8 of vGPU, as well as the October 2024 update. To mitigate the risk, users should update to the patched versions.
See more details on: