NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.
The product calls free() twice on the same memory address.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Virtual_gpu | Nvidia | 8.0 (including) | 8.9 (excluding) |
Virtual_gpu | Nvidia | 11.0 (including) | 11.6 (excluding) |
Virtual_gpu | Nvidia | 12.0 (including) | 12.4 (excluding) |
Virtual_gpu | Nvidia | 13.0 (including) | 13.1 (excluding) |