← Back

CVE-2020-5987

nvd nist
Published: Oct 2, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Affected (3)

Nvidia
1 product
Virtual Gpu Manager
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Nvidia
Virtual Gpu Manager
From 10.0 to 10.4
Virtual Gpu Manager
From 8.0 to 8.5
Virtual Gpu Manager
Version 11.0

Related CWEs

CWE-459
Incomplete Cleanup
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (2)

Source: psirt@nvidia.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.