CVE-2020-5973

CWE-20 — Improper Input Validation7 documents5 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 83.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Virtual GPU Nvidia Nvidia Vgpu Software Canonical Ubuntu Linux

Timeline

PublishedJun 30

Latest updateMay 24

Description

NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5nvidia/nvidia_vgpu_softwareAll

▶Ubuntunvidia-graphics-drivers-390< 390.138-0ubuntu0.18.04.1+1

▶Ubuntunvidia-graphics-drivers-440< 440.100-0ubuntu0.18.04.1+1

▶NVDnvidia/virtual_gpu8.0 — 8.3+2

Also affects: Ubuntu Linux 18.04, 19.10, 20.04

🔴Vulnerability Details

GHSA

GHSA-h6g8-26w8-pwgp: NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operati↗2022-05-24

▶

CVEList

CVE-2020-5973: NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operati↗2020-06-30

▶

OSV

nvidia-graphics-drivers-390, nvidia-graphics-drivers-440 vulnerabilities↗2020-06-25

▶

OSV

CVE-2020-5973: NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operati↗2020-06-24

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2020-06-25

▶

Ubuntu

NVIDIA graphics drivers vulnerabilities↗2020-06-25

▶