ID CVE-2020-5987 Type cve Reporter cve@mitre.org Modified 2020-10-13T15:57:00
Description
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.
{"id": "CVE-2020-5987", "bulletinFamily": "NVD", "title": "CVE-2020-5987", "description": "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.", "published": "2020-10-02T21:15:00", "modified": "2020-10-13T15:57:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5987", "reporter": "cve@mitre.org", "references": ["https://nvidia.custhelp.com/app/answers/detail/a_id/5075"], "cvelist": ["CVE-2020-5987"], "type": "cve", "lastseen": "2020-12-09T22:03:16", "edition": 6, "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "lenovo", "idList": ["LENOVO:PS500358-NOSID", "LENOVO:PS500358-NVIDIA-GPU-DISPLAY-DRIVER-SEPTEMBER-2020-SECURITY-BULLETIN-NOSID"]}, {"type": "nvidia", "idList": ["NVIDIA:5075"]}], "modified": "2020-12-09T22:03:16", "rev": 2}, "score": {"value": 4.1, "vector": "NONE", "modified": "2020-12-09T22:03:16", "rev": 2}, "vulnersScore": 4.1}, "cpe": ["cpe:/a:nvidia:virtual_gpu_manager:11.0"], "affectedSoftware": [{"cpeName": "nvidia:virtual_gpu_manager", "name": "nvidia virtual gpu manager", "operator": "lt", "version": "10.4"}, {"cpeName": "nvidia:virtual_gpu_manager", "name": "nvidia virtual gpu manager", "operator": "eq", "version": "11.0"}, {"cpeName": "nvidia:virtual_gpu_manager", "name": "nvidia virtual gpu manager", "operator": "lt", "version": "8.5"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:nvidia:virtual_gpu_manager:11.0:*:*:*:*:*:*:*"], "cwe": ["CWE-459"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nvidia:virtual_gpu_manager:11.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nvidia:virtual_gpu_manager:10.4:*:*:*:*:*:*:*", "versionEndExcluding": "10.4", "versionStartIncluding": "10.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nvidia:virtual_gpu_manager:8.5:*:*:*:*:*:*:*", "versionEndExcluding": "8.5", "versionStartIncluding": "8.0", "vulnerable": true}], "operator": "OR"}]}, "scheme": null}
{"lenovo": [{"lastseen": "2020-10-14T09:01:59", "bulletinFamily": "info", "cvelist": ["CVE-2020-5988", "CVE-2020-5986", "CVE-2020-5989", "CVE-2020-5980", "CVE-2020-5979", "CVE-2020-5987", "CVE-2020-5985", "CVE-2020-5981", "CVE-2020-5983", "CVE-2020-5982", "CVE-2020-5984"], "description": "**Lenovo Security Advisory: **LEN-47663\n\n**Potential Impact: **Denial of service, code execution, privilege escalation, information disclosure\n\n**Severity: **High\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: ** CVE-2020-5979 , CVE-2020-5980, CVE-2020-5981, CVE-2020-5981 , CVE-2020-5982, CVE-2020-5983, CVE-2020-5984, CVE-2020-5985, CVE-2020-5986, CVE-2020-5987, CVE-2020-5988, CVE-2020-5989\n\n**Summary Description:**\n\nNVIDIA has released a software security update for the NVIDIA GPU Display Driver and NVIDIA vGPU Software. This update addresses issues that may lead to denial of service, code execution, escalation of privileges, or information disclosure.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nNVIDIA recommends upgrading to the driver version (or newer) indicated for your model in the Product Impact section below\n", "edition": 2, "modified": "2020-10-13T16:29:54", "published": "2020-10-06T23:17:43", "id": "LENOVO:PS500358-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500358", "title": "NVIDIA GPU Display Driver - September 2020 Security Bulletin - Lenovo Support US", "type": "lenovo", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-15T23:27:32", "bulletinFamily": "info", "cvelist": ["CVE-2020-5988", "CVE-2020-5986", "CVE-2020-5989", "CVE-2020-5980", "CVE-2020-5979", "CVE-2020-5987", "CVE-2020-5985", "CVE-2020-5981", "CVE-2020-5983", "CVE-2020-5982", "CVE-2020-5984"], "description": "**Lenovo Security Advisory: **LEN-47663\n\n**Potential Impact: **Denial of service, code execution, privilege escalation, information disclosure\n\n**Severity: **High\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: ** CVE-2020-5979 , CVE-2020-5980, CVE-2020-5981, CVE-2020-5981 , CVE-2020-5982, CVE-2020-5983, CVE-2020-5984, CVE-2020-5985, CVE-2020-5986, CVE-2020-5987, CVE-2020-5988, CVE-2020-5989\n\n**Summary Description:**\n\nNVIDIA has released a software security update for the NVIDIA GPU Display Driver and NVIDIA vGPU Software. This update addresses issues that may lead to denial of service, code execution, escalation of privileges, or information disclosure.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nNVIDIA recommends upgrading to the driver version (or newer) indicated for your model in the Product Impact section below\n", "edition": 18, "modified": "2021-01-13T15:47:23", "published": "2020-10-06T23:17:43", "id": "LENOVO:PS500358-NVIDIA-GPU-DISPLAY-DRIVER-SEPTEMBER-2020-SECURITY-BULLETIN-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500358-nvidia-gpu-display-driver-september-2020-security-bulletin", "title": "NVIDIA GPU Display Driver - September 2020 Security Bulletin - Lenovo Support US", "type": "lenovo", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}
