{"containers": {"cna": {"affected": [{"product": "NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9)."}]}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-05T20:30:19.000Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-31609", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming", "version": {"version_data": [{"version_value": "vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9)."}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure."}]}, "impact": {"cvss": {"baseScore": 7.8, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.107Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-02T14:19:41.315907Z", "id": "CVE-2022-31609", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T14:19:48.961Z"}}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31609", "datePublished": "2022-08-05T20:30:19.000Z", "dateReserved": "2022-05-24T00:00:00.000Z", "dateUpdated": "2026-06-02T14:19:48.961Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.107Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-31609", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-02T14:19:41.315907Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T14:19:45.444Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "NVIDIA", "product": "NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming", "versions": [{"status": "affected", "version": "vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9)."}]}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2022-08-05T20:30:19.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9)."}]}, "product_name": "NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming"}]}, "vendor_name": "NVIDIA"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383", "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-31609", "STATE": "PUBLIC", "ASSIGNER": "psirt@nvidia.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-31609", "state": "PUBLISHED", "dateUpdated": "2026-06-02T14:19:48.961Z", "dateReserved": "2022-05-24T00:00:00.000Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2022-08-05T20:30:19.000Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3C0C0B2-C4DC-4DB8-BD80-D6082FD1248B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure."}, {"lang": "es", "value": "El software NVIDIA vGPU contiene una vulnerabilidad en el Virtual GPU Manager (vGPU plugin), donde permite que la VM invitada asigne recursos para los que el invitado no est\u00e1 autorizado. Esta vulnerabilidad puede conllevar a una p\u00e9rdida de integridad y confidencialidad de los datos, una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n"}], "id": "CVE-2022-31609", "lastModified": "2024-11-21T07:04:50.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2022-08-05T21:15:08.813", "references": [{"source": "psirt@nvidia.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "psirt@nvidia.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}