CVE-2022-31609 HIGH

CVE-2022-31609

Vendor Nvidia

Product NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming

Weakness CWE-285

Published August 5, 2022

Last update June 2, 2026

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.

Key dates

02Disclosure timeline

August 5, 2022 CVE published

June 2, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-31609

Related vulnerabilities

04Related CVE

CVE-2024-7799 SourceCodester Simple Online Bidding System users.php improper authorization CVE-2021-42331 ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-2 CVE-2025-14348 weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure CVE-2025-11815 UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update CVE-2025-4519 IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function

Identifiers

CVE CVE-2022-31609

CWE CWE-285

CVSS 7.8 / HIGH

Affected versions

Vendor Nvidia

Product NVIDIA Virtual GPU Software and NVIDIA Cloud Gaming

Affected vGPU version 14.x (prior to 14.2), version 13.x (prior to 13.4) and version 11.x (prior 11.9).