CVE-2023-25517: 
NVIDIA Graphics Driver vulnerability analysis and mitigation

NVIDIA vGPU software contains a vulnerability (CVE-2023-25517) in the Virtual GPU Manager (vGPU plugin) that was disclosed on June 27, 2023. The vulnerability affects NVIDIA vGPU software installations across multiple platforms including Citrix Hypervisor, VMware vSphere, and Red Hat Enterprise Linux KVM (NVIDIA Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. It is classified as an improper authorization vulnerability (CWE-285). The vulnerability requires local access, has low attack complexity, requires low privileges, and needs no user interaction to exploit (NVD).

If exploited, this vulnerability allows a guest operating system to control resources for which it is not authorized. This unauthorized access can lead to information disclosure and data tampering in the affected systems (NVIDIA Advisory).

NVIDIA has released security updates to address this vulnerability. For vGPU software (Virtual GPU Manager), users should update to version 15.3 (525.125.03), 13.8 (470.199.03), or 11.13 (450.248.03) depending on their current version. These updates are available through the NVIDIA Licensing Portal (NVIDIA Advisory).