CVE-2020-5973

Publication date 24 June 2020

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

4.4 · Medium

Score breakdown

NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

From the Ubuntu Security Team

It was discovered that the NVIDIA virtual GPU guest drivers contained an unspecified vulnerability that could potentially lead to privileged operation execution. An attacker could use this to cause a denial of service.

Status

Package Ubuntu Release Status
nvidia-graphics-drivers-390 20.04 LTS focal
Fixed 390.138-0ubuntu0.20.04.1
19.10 eoan
Fixed 390.138-0ubuntu0.19.10.1
18.04 LTS bionic
Fixed 390.138-0ubuntu0.18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
nvidia-graphics-drivers-440 20.04 LTS focal
Fixed 440.100-0ubuntu0.20.04.1
19.10 eoan
Fixed 440.100-0ubuntu0.19.10.1
18.04 LTS bionic
Fixed 440.100-0ubuntu0.18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release

Severity score breakdown

Parameter Value
Base score 4.4 · Medium
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-4404-2
    • Linux kernel vulnerabilities
    • 25 June 2020
    • USN-4404-1
    • NVIDIA graphics drivers vulnerabilities
    • 25 June 2020

Other references