Description
NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- NVIDIA / Virtual GPU Manager595.58.02(All versions up to and including the March 2026 release) – 595.58.02(All versions up to and including the March 2026 release)
- NVIDIA / Virtual GPU Manager580.126.08(All versions prior to and including vGPU 19.4) – 580.126.08(All versions prior to and including vGPU 19.4)
- NVIDIA / Virtual GPU Manager535.288.01(All versions prior to and including vGPU 16.13) – 535.288.01(All versions prior to and including vGPU 16.13)
- NVIDIA / Virtual GPU Manager595.94(All versions prior to and including vGPU 20.0) – 595.94(All versions prior to and including vGPU 20.0)
- NVIDIA / Virtual GPU Manager582.16(All versions prior to and including vGPU 19.4) – 582.16(All versions prior to and including vGPU 19.4)