CVE-2020-5988

CWE-415 CWE-416 — Use After Free3 documents3 sources

Severity

7.1HIGH

EPSS

0.1%

top 83.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Virtual GPU Manager Nvidia Nvidia Vgpu Software

Timeline

PublishedOct 2

Latest updateMay 24

Description

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDnvidia/virtual_gpu_manager8.0 — 8.5+2

▶CVEListV5nvidia/nvidia_vgpu_softwarevGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

🔴Vulnerability Details

GHSA

GHSA-8v9h-cmm6-q9vj: NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information di↗2022-05-24

▶

CVEList

CVE-2020-5988: NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information di↗2020-10-02

▶