From 99b82150144b475add0a4811edad367da12ee3b9 Mon Sep 17 00:00:00 2001 From: PSIRT-NVIDIA Date: Fri, 2 Oct 2020 16:01:42 -0500 Subject: [PATCH] NVIDIA-vGPU Driver-Sept-2020 NVIDIA-vGPU Driver-Sept-2020 --- 2020/5xxx/CVE-2020-5983.json | 78 ++++++++++++++++++++++++++++-------- 2020/5xxx/CVE-2020-5984.json | 78 ++++++++++++++++++++++++++++-------- 2020/5xxx/CVE-2020-5985.json | 78 ++++++++++++++++++++++++++++-------- 2020/5xxx/CVE-2020-5986.json | 78 ++++++++++++++++++++++++++++-------- 2020/5xxx/CVE-2020-5987.json | 78 ++++++++++++++++++++++++++++-------- 2020/5xxx/CVE-2020-5988.json | 78 ++++++++++++++++++++++++++++-------- 2020/5xxx/CVE-2020-5989.json | 78 ++++++++++++++++++++++++++++-------- 7 files changed, 427 insertions(+), 119 deletions(-) diff --git a/2020/5xxx/CVE-2020-5983.json b/2020/5xxx/CVE-2020-5983.json index 5628b618e2c..4c62dc40beb 100644 --- a/2020/5xxx/CVE-2020-5983.json +++ b/2020/5xxx/CVE-2020-5983.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "data_type" : "CVE", + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2020-5983", + "ASSIGNER" : "psirt@nvidia.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "NVIDIA", + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA vGPU Software", + "version" : { + "version_data" : [ + { + "version_value" : "vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service or information disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075", + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } +} diff --git a/2020/5xxx/CVE-2020-5984.json b/2020/5xxx/CVE-2020-5984.json index 2c65785193d..d9ebb3df94c 100644 --- a/2020/5xxx/CVE-2020-5984.json +++ b/2020/5xxx/CVE-2020-5984.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "data_type" : "CVE", + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2020-5984", + "ASSIGNER" : "psirt@nvidia.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "NVIDIA", + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA vGPU Software", + "version" : { + "version_data" : [ + { + "version_value" : "vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service, code execution, and information disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075", + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : " NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } +} diff --git a/2020/5xxx/CVE-2020-5985.json b/2020/5xxx/CVE-2020-5985.json index 53143b3ef94..5d17ed543ab 100644 --- a/2020/5xxx/CVE-2020-5985.json +++ b/2020/5xxx/CVE-2020-5985.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "data_type" : "CVE", + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2020-5985", + "ASSIGNER" : "psirt@nvidia.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "NVIDIA", + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA vGPU Software", + "version" : { + "version_data" : [ + { + "version_value" : "vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075", + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } +} diff --git a/2020/5xxx/CVE-2020-5986.json b/2020/5xxx/CVE-2020-5986.json index 01b6f9d46f4..8e06eab0fb7 100644 --- a/2020/5xxx/CVE-2020-5986.json +++ b/2020/5xxx/CVE-2020-5986.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5986", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "data_type" : "CVE", + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2020-5986", + "ASSIGNER" : "psirt@nvidia.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "NVIDIA", + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA vGPU Software", + "version" : { + "version_data" : [ + { + "version_value" : "vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075", + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } +} diff --git a/2020/5xxx/CVE-2020-5987.json b/2020/5xxx/CVE-2020-5987.json index fba7fe5ef90..87b2cb9e6f8 100644 --- a/2020/5xxx/CVE-2020-5987.json +++ b/2020/5xxx/CVE-2020-5987.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5987", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "data_type" : "CVE", + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2020-5987", + "ASSIGNER" : "psirt@nvidia.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "NVIDIA", + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA vGPU Software", + "version" : { + "version_data" : [ + { + "version_value" : "vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service or escalation of privileges" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075", + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } +} diff --git a/2020/5xxx/CVE-2020-5988.json b/2020/5xxx/CVE-2020-5988.json index 902487bd052..d9fe290e56c 100644 --- a/2020/5xxx/CVE-2020-5988.json +++ b/2020/5xxx/CVE-2020-5988.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5988", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "data_type" : "CVE", + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2020-5988", + "ASSIGNER" : "psirt@nvidia.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "NVIDIA", + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA vGPU Software", + "version" : { + "version_data" : [ + { + "version_value" : "vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service or information disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075", + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } +} diff --git a/2020/5xxx/CVE-2020-5989.json b/2020/5xxx/CVE-2020-5989.json index a9b4181184f..1dbb5b6b47d 100644 --- a/2020/5xxx/CVE-2020-5989.json +++ b/2020/5xxx/CVE-2020-5989.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5989", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "data_type" : "CVE", + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2020-5989", + "ASSIGNER" : "psirt@nvidia.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "NVIDIA", + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA vGPU Software", + "version" : { + "version_data" : [ + { + "version_value" : "vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075", + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5075" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0." + } + ] + } +}