CVE-2020-5969

EUVD-2020-27123
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
nvidiavirtual_gpu_manager
8.0 ≤
𝑥
≤ 8.3
nvidiavirtual_gpu_manager
9.0 ≤
𝑥
≤ 9.3
nvidiavirtual_gpu_manager
10.0 ≤
𝑥
≤ 10.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://nvidia.custhelp.com/app/answers/detail/a_id/5031
https://nvidia.custhelp.com/app/answers/detail/a_id/5031