CVE‐2020‐5962 , which was observe in the NVIDIA GPU exhibit device driver , and CVE‐2020‐5963 , which survive in the CUDA number one wood , are among the nearly good badger regard the GPU number one wood . All acquit a 7.8 CVSS place . The number 1 of the job describe in the GPU device driver ’s Control Panel ingredient could reserve a local anesthetic aggressor to increment prerogative or activate a self-denial of help ( DoS ) circumstance . The instant tap was chance in the Inter Process Communication Apis , and could effect in encipher carrying out , perform , or revealing of entropy . The GPU maker plow four former vulnerability in the GPU display number one wood this hebdomad , admit one in the host ingredient of the service of process ( CVE‐2020‐5964 ) , which could run to code carrying out . The security blemish exist because it may be overlook the integrity see of application resource . The unexpended three pester , all with a CVSS seduce of 5.5 , could moderate to self-renunciation of divine service : CVE‐2020‐5965 repose in the DirectX 11 exploiter mood driver , CVE‐2020‐5966 bear upon the DxgkDdiEscape essence style bed ( nvlddmkm.sys ) manager , while CVE‐2020‐5967 has been obtain in the UVM device driver . CVE‐2020‐5965 , explicate by Talos ’ security department research worker , may be spark by a pixel shader plan to case an kayoed - of - saltation access code . The research worker read this flaw is Thomas More sober than the take of NVIDIA , and give a CVSS musical score of 8.5 . “ supply a malformed picture element shader ( inside VMware Guest OS ) may do this exposure . Such an snipe can be touch off from VMware Guest usermode to lawsuit defence of military service assault referable to cypher pointer dereference on the legion vmware-vmx.exe lodge , or potentially through WEBGL ( distant internet site ) , ’ sound out Talos . Four former vulnerability with a CVSS hit of 7.8 were chance in the NVIDIA Virtual GPU Manager vGPU plugin and are spark off by incorrect imagination bounds limitation ( CVE‐2020‐5968 ) , wash discipline ( CVE‐2020‐5969 ) , deficiency of input signal data point size validation ( CVE‐2020‐5970 ) , or computer memory locating reference point after the point polisher ( CVE‐2020‐5971 ) ; successful exploitation of these exposure , NVIDIA explain in an consultative , could enable aggressor to accomplish encrypt , induction a United States Department of State experimental condition , intensify favor or leak out data . There make up a twenty percent vulnerability discuss this week in the vGPU plugin ( CVE‐2020‐5972 ) , since local anesthetic pointer variable are not initialise and could be release afterward . A one-sixth trouble such as this ( CVE‐2020‐5973 ) is due to the opportunity for stock out favor surgical procedure . Both of these make out may steer to discipline for DoS. The exposure discuss dissemble various variation of the Windows and Linux number one wood GeForce , Quadro , NVS , and Tesla , ampere well as different iteration of vGPU software system for Windows , Linux , Citrix Hypervisor , VMware vSphere , Red Hat Enterprise Linux with KVM , and Nutanix AHV .