CVE-2020-5973
Publication date 24 June 2020
Last updated 24 July 2024
Ubuntu priority
NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
From the Ubuntu Security Team
It was discovered that the NVIDIA virtual GPU guest drivers contained an unspecified vulnerability that could potentially lead to privileged operation execution. An attacker could use this to cause a denial of service.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| nvidia-graphics-drivers-390 | 20.04 LTS focal |
Fixed 390.138-0ubuntu0.20.04.1
|
| 18.04 LTS bionic |
Fixed 390.138-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| nvidia-graphics-drivers-440 | 20.04 LTS focal |
Fixed 440.100-0ubuntu0.20.04.1
|
| 18.04 LTS bionic |
Fixed 440.100-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.4 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4404-2
- Linux kernel vulnerabilities
- 25 June 2020
- USN-4404-1
- NVIDIA graphics drivers vulnerabilities
- 25 June 2020