CVE-2020-5971

EUVD-2020-27125

30.06.2020, 23:15

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 18%

Affected Products (NVD)

Vendor	Product	Version
nvidia	virtual_gpu_manager	8.0 ≤ 𝑥 ≤ 8.3
nvidia	virtual_gpu_manager	9.0 ≤ 𝑥 ≤ 9.3
nvidia	virtual_gpu_manager	10.0 ≤ 𝑥 ≤ 10.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5031