CVE Vulnerabilities

CVE-2022-28191

Uncontrolled Resource Consumption

Published: May 17, 2022 | Modified: May 26, 2022
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4.9 MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service.

Weakness

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Affected Software

Name Vendor Start Version End Version
Virtual_gpu Nvidia 13.0 *
Virtual_gpu Nvidia 11.0 *
Virtual_gpu Nvidia 14.0 14.0
Nvidia-graphics-drivers-304 Ubuntu esm-infra/xenial *
Nvidia-graphics-drivers-304 Ubuntu trusty *
Nvidia-graphics-drivers-304 Ubuntu xenial *
Nvidia-graphics-drivers-304-updates Ubuntu trusty *
Nvidia-graphics-drivers-304-updates Ubuntu xenial *
Nvidia-graphics-drivers-340 Ubuntu bionic *
Nvidia-graphics-drivers-340 Ubuntu esm-infra/xenial *
Nvidia-graphics-drivers-340 Ubuntu focal *
Nvidia-graphics-drivers-340 Ubuntu trusty *
Nvidia-graphics-drivers-340 Ubuntu xenial *
Nvidia-graphics-drivers-340-updates Ubuntu trusty *
Nvidia-graphics-drivers-352 Ubuntu trusty *
Nvidia-graphics-drivers-352-updates Ubuntu trusty *
Nvidia-graphics-drivers-367 Ubuntu trusty *
Nvidia-graphics-drivers-375 Ubuntu trusty *
Nvidia-graphics-drivers-384 Ubuntu trusty *
Nvidia-graphics-drivers-384 Ubuntu xenial *
Nvidia-graphics-drivers-390 Ubuntu bionic *
Nvidia-graphics-drivers-390 Ubuntu devel *
Nvidia-graphics-drivers-390 Ubuntu focal *
Nvidia-graphics-drivers-390 Ubuntu impish *
Nvidia-graphics-drivers-390 Ubuntu jammy *
Nvidia-graphics-drivers-418-server Ubuntu bionic *
Nvidia-graphics-drivers-418-server Ubuntu devel *
Nvidia-graphics-drivers-418-server Ubuntu focal *
Nvidia-graphics-drivers-418-server Ubuntu impish *
Nvidia-graphics-drivers-418-server Ubuntu jammy *
Nvidia-graphics-drivers-430 Ubuntu bionic *
Nvidia-graphics-drivers-430 Ubuntu devel *
Nvidia-graphics-drivers-430 Ubuntu focal *
Nvidia-graphics-drivers-430 Ubuntu impish *
Nvidia-graphics-drivers-430 Ubuntu jammy *
Nvidia-graphics-drivers-435 Ubuntu bionic *
Nvidia-graphics-drivers-435 Ubuntu devel *
Nvidia-graphics-drivers-435 Ubuntu focal *
Nvidia-graphics-drivers-435 Ubuntu impish *
Nvidia-graphics-drivers-435 Ubuntu jammy *
Nvidia-graphics-drivers-440 Ubuntu bionic *
Nvidia-graphics-drivers-440 Ubuntu devel *
Nvidia-graphics-drivers-440 Ubuntu focal *
Nvidia-graphics-drivers-440 Ubuntu impish *
Nvidia-graphics-drivers-440 Ubuntu jammy *
Nvidia-graphics-drivers-440-server Ubuntu bionic *
Nvidia-graphics-drivers-440-server Ubuntu devel *
Nvidia-graphics-drivers-440-server Ubuntu focal *
Nvidia-graphics-drivers-440-server Ubuntu impish *
Nvidia-graphics-drivers-440-server Ubuntu jammy *
Nvidia-graphics-drivers-450 Ubuntu bionic *
Nvidia-graphics-drivers-450 Ubuntu devel *
Nvidia-graphics-drivers-450 Ubuntu focal *
Nvidia-graphics-drivers-450 Ubuntu impish *
Nvidia-graphics-drivers-450 Ubuntu jammy *
Nvidia-graphics-drivers-450-server Ubuntu bionic *
Nvidia-graphics-drivers-450-server Ubuntu devel *
Nvidia-graphics-drivers-450-server Ubuntu focal *
Nvidia-graphics-drivers-450-server Ubuntu impish *
Nvidia-graphics-drivers-450-server Ubuntu jammy *
Nvidia-graphics-drivers-455 Ubuntu bionic *
Nvidia-graphics-drivers-455 Ubuntu devel *
Nvidia-graphics-drivers-455 Ubuntu focal *
Nvidia-graphics-drivers-455 Ubuntu impish *
Nvidia-graphics-drivers-455 Ubuntu jammy *
Nvidia-graphics-drivers-460 Ubuntu bionic *
Nvidia-graphics-drivers-460 Ubuntu devel *
Nvidia-graphics-drivers-460 Ubuntu focal *
Nvidia-graphics-drivers-460 Ubuntu impish *
Nvidia-graphics-drivers-460 Ubuntu jammy *
Nvidia-graphics-drivers-460-server Ubuntu bionic *
Nvidia-graphics-drivers-460-server Ubuntu focal *
Nvidia-graphics-drivers-460-server Ubuntu impish *
Nvidia-graphics-drivers-470 Ubuntu bionic *
Nvidia-graphics-drivers-470 Ubuntu devel *
Nvidia-graphics-drivers-470 Ubuntu focal *
Nvidia-graphics-drivers-470 Ubuntu impish *
Nvidia-graphics-drivers-470 Ubuntu jammy *
Nvidia-graphics-drivers-470-server Ubuntu bionic *
Nvidia-graphics-drivers-470-server Ubuntu devel *
Nvidia-graphics-drivers-470-server Ubuntu focal *
Nvidia-graphics-drivers-470-server Ubuntu impish *
Nvidia-graphics-drivers-470-server Ubuntu jammy *
Nvidia-graphics-drivers-510 Ubuntu bionic *
Nvidia-graphics-drivers-510 Ubuntu devel *
Nvidia-graphics-drivers-510 Ubuntu focal *
Nvidia-graphics-drivers-510 Ubuntu impish *
Nvidia-graphics-drivers-510 Ubuntu jammy *
Nvidia-graphics-drivers-510-server Ubuntu bionic *
Nvidia-graphics-drivers-510-server Ubuntu devel *
Nvidia-graphics-drivers-510-server Ubuntu focal *
Nvidia-graphics-drivers-510-server Ubuntu impish *
Nvidia-graphics-drivers-510-server Ubuntu jammy *

Extended Description

Limited resources include memory, file system storage, database connection pool entries, and CPU. If an attacker can trigger the allocation of these limited resources, but the number or size of the resources is not controlled, then the attacker could cause a denial of service that consumes all available resources. This would prevent valid users from accessing the software, and it could potentially have an impact on the surrounding environment. For example, a memory exhaustion attack against an application could slow down the application as well as its host operating system. There are at least three distinct scenarios which can commonly lead to resource exhaustion:

Resource exhaustion problems are often result due to an incorrect implementation of the following situations:

Potential Mitigations

  • Mitigation of resource exhaustion attacks requires that the target system either:

  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.

  • The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.

References