CVE-2020-5969

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

• CVE ID
• CVE-2020-5969

• Assigner
• psirt@nvidia.com

• Vulnerability Status
• Analyzed

• Published Version
• 2020-06-30T23:15:12

• Last Modified Date
• 2020-07-10T13:28:14

• Version
• 2.0

• Vector String
• AV:L/AC:M/Au:N/C:P/I:N/A:P

• Access Vector
• LOCAL

• Access Compatibility
• MEDIUM

• Authentication
• NONE

• Confidentiality Impact
• PARTIAL

• Integrity Impact
• NONE

• Availability Impact
• PARTIAL

• Base Score
• 3.3

• Severity
• LOW

• Exploitability Score
• 3.4

• Impact Score
• 4.9

• Version
• 3.1

• Vector String
• CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

• Attack Vector
• LOCAL

• Attack Compatibility
• HIGH

• Privileges Required
• LOW

• User Interaction
• NONE

• Scope
• UNCHANGED

• Confidentiality Impact
• HIGH

• Availability Impact
• HIGH

• Base Score
• 6.3

• Base Severity
• MEDIUM

• Exploitability Score
• 1

• Impact Score
• 5.2