CVE-2020-5987 - Vulnerability Details

Vendors	Products
Nvidia	Virtual Gpu Manager

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5075

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "NVIDIA vGPU Software", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0."}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0."}], "problemTypes": [{"descriptions": [{"description": "denial of service or escalation of privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-02T21:10:22", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5075"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2020-5987", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA vGPU Software", "version": {"version_data": [{"version_value": "vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0."}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "denial of service or escalation of privileges"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5075", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5075"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:47:41.015Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5075"}]}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2020-5987", "datePublished": "2020-10-02T21:10:22", "dateReserved": "2020-01-07T00:00:00", "dateUpdated": "2024-08-04T08:47:41.015Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : NVIDIA vGPU Software (string)

vendor : NVIDIA (string)

versions : [ »

0 : { »

status : affected (string)

version : vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : denial of service or escalation of privileges (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-10-02T21:10:22 (string)

orgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

shortName : nvidia (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5075 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@nvidia.com (string)

ID : CVE-2020-5987 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : NVIDIA vGPU Software (string)

version : { »

version_data : [ »

0 : { »

version_value : vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. (string)

}

]

}

]

}

vendor_name : NVIDIA (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : denial of service or escalation of privileges (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://nvidia.custhelp.com/app/answers/detail/a_id/5075 (string)

refsource : CONFIRM (string)

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5075 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T08:47:41.015Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5075 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

assignerShortName : nvidia (string)

cveId : CVE-2020-5987 (string)

datePublished : 2020-10-02T21:10:22 (string)

dateReserved : 2020-01-07T00:00:00 (string)

dateUpdated : 2024-08-04T08:47:41.015Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EC11059-6D80-4B57-A707-63E18EDA14C6", "versionEndExcluding": "8.5", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8800EEF9-04A5-4854-A138-F322F54353F0", "versionEndExcluding": "10.4", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "94272D9F-BBAE-4FA2-8E3C-315FD40A752F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0."}, {"lang": "es", "value": "NVIDIA Virtual GPU Manager contiene una vulnerabilidad en el plugin vGPU en la que los par\u00e1metros suministrados por un invitado siguen siendo escribible por el invitado despu\u00e9s de que el plugin los ha comprobado, lo que puede conllevar al invitado a ser capaz de pasar par\u00e1metros no v\u00e1lidos hacia los controladores del plugin, lo que puede conllevar a una denegaci\u00f3n de servicio o una escalada de privilegios.&#xa0;Esto afecta a vGPU versi\u00f3n 8.x (anteriores a 8.5), versi\u00f3n 10.x (anteriores a 10.4) y versi\u00f3n 11.0"}], "id": "CVE-2020-5987", "lastModified": "2024-11-21T05:34:57.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-02T21:15:13.093", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5075"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5EC11059-6D80-4B57-A707-63E18EDA14C6 (string)

versionEndExcluding : 8.5 (string)

versionStartIncluding : 8.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8800EEF9-04A5-4854-A138-F322F54353F0 (string)

versionEndExcluding : 10.4 (string)

versionStartIncluding : 10.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:nvidia:virtual_gpu_manager:11.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 94272D9F-BBAE-4FA2-8E3C-315FD40A752F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. (string)

}

1 : { »

lang : es (string)

value : NVIDIA Virtual GPU Manager contiene una vulnerabilidad en el plugin vGPU en la que los parámetros suministrados por un invitado siguen siendo escribible por el invitado después de que el plugin los ha comprobado, lo que puede conllevar al invitado a ser capaz de pasar parámetros no válidos hacia los controladores del plugin, lo que puede conllevar a una denegación de servicio o una escalada de privilegios. Esto afecta a vGPU versión 8.x (anteriores a 8.5), versión 10.x (anteriores a 10.4) y versión 11.0 (string)

}

]

id : CVE-2020-5987 (string)

lastModified : 2024-11-21T05:34:57.430 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-10-02T21:15:13.093 (string)

references : [ »

0 : { »

source : psirt@nvidia.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5075 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5075 (string)

}

]

sourceIdentifier : psirt@nvidia.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-459 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object