Description
NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Published: 2026-05-26
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA’s Virtual GPU Manager contains a use‑after‑free vulnerability that can be triggered by an attacker, allowing an untrusted entity to read or write arbitrary stack memory. The flaw is classified as CWE-416 and could be abused to cause denial of service, elevate privileges, leak confidential information, tamper with data, or execute arbitrary code from the context of the manager. All of these consequences stem from improper deallocation of stack resources.

Affected Systems

The vulnerability affects NVIDIA’s Virtual GPU Manager; specific product versions were not disclosed. Systems that host virtual GPUs via NVIDIA’s software are potentially impacted.

Risk and Exploitability

The CVSS score of 7.0 reflects a moderate‑to‑high risk. With no EPSS data and absence from CISA’s KEV catalog, the likelihood of exploitation is uncertain but a local or privileged attacker could likely drain the stack and trigger the fault. The attack vector is inferred to be a local or host‑side compromise that targets the virtual GPU manager’s memory handling routines. Organizations running NVIDIA vGPU software should treat this as a serious risk until a patch is applied.

Generated by OpenCVE AI on May 26, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NVIDIA Virtual GPU Manager to the latest version or apply the vendor patch when released.
  • Restrict access to the Virtual GPU Manager service so that only trusted system components can interact with it.
  • If the virtual GPU capability is not required, decommission or disable the Virtual GPU Manager in the environment.

Generated by OpenCVE AI on May 26, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia virtual Gpu Manager
Vendors & Products Nvidia
Nvidia virtual Gpu Manager

Tue, 26 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in NVIDIA Virtual GPU Manager Enabling Privilege Escalation and Denial of Service

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Virtual Gpu Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-27T15:46:42.305Z

Reserved: 2026-01-21T19:09:34.080Z

Link: CVE-2026-24200

cve-icon Vulnrichment

Updated: 2026-05-26T18:35:57.920Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T18:16:39.133

Modified: 2026-06-17T10:22:47.110

Link: CVE-2026-24200

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T20:30:14Z

Weaknesses