What is CVE-2020-5987?

CVE-2020-5987 is a vulnerability in NVIDIA Virtual GPU Manager that allows guest-supplied parameters to remain writable by the guest after validation.

What is the severity of CVE-2020-5987?

The severity of CVE-2020-5987 is high.

How does CVE-2020-5987 affect NVIDIA Virtual GPU Manager?

CVE-2020-5987 affects NVIDIA Virtual GPU Manager by allowing guests to pass invalid parameters to plugin handlers, potentially leading to denial of service or escalation of privileges.

Which versions of NVIDIA Virtual GPU Manager are affected by CVE-2020-5987?

Versions 8.0 to 8.5, 10.0 to 10.4, and 11.0 of NVIDIA Virtual GPU Manager are affected by CVE-2020-5987.

How can I fix CVE-2020-5987?

To fix CVE-2020-5987, NVIDIA recommends updating to a version of Virtual GPU Manager that is not affected by the vulnerability.

Vulnerability/
CVE-2020-5987

high

7.8

CWE

459

2/10/2020

4/8/2024

CVE-2020-5987

First published: Fri Oct 02 2020(Updated: )

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Credit: psirt@nvidia.com

Affected Software	Affected Version	How to fix
NVIDIA Virtual GPU Manager	>=8.0<8.5
NVIDIA Virtual GPU Manager	>=10.0<10.4
NVIDIA Virtual GPU Manager	=11.0

Never miss a vulnerability like this again

Reference Links

https://nvidia.custhelp.com/app/answers/detail/a_id/5075

Frequently Asked Questions

What is CVE-2020-5987?
CVE-2020-5987 is a vulnerability in NVIDIA Virtual GPU Manager that allows guest-supplied parameters to remain writable by the guest after validation.
What is the severity of CVE-2020-5987?
The severity of CVE-2020-5987 is high.
How does CVE-2020-5987 affect NVIDIA Virtual GPU Manager?
CVE-2020-5987 affects NVIDIA Virtual GPU Manager by allowing guests to pass invalid parameters to plugin handlers, potentially leading to denial of service or escalation of privileges.
Which versions of NVIDIA Virtual GPU Manager are affected by CVE-2020-5987?
Versions 8.0 to 8.5, 10.0 to 10.4, and 11.0 of NVIDIA Virtual GPU Manager are affected by CVE-2020-5987.
How can I fix CVE-2020-5987?
To fix CVE-2020-5987, NVIDIA recommends updating to a version of Virtual GPU Manager that is not affected by the vulnerability.

collector/nvd-index
agent/references
agent/weakness
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/nvidia
canonical/nvidia virtual gpu manager
version/nvidia virtual gpu manager/8.0
version/nvidia virtual gpu manager/10.0
version/nvidia virtual gpu manager/11.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.