Description
NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure.
Published: 2026-05-26
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow (CWE-787) in NVIDIA's Virtual GPU Manager. An attacker who can send crafted data to the manager could trigger an out‑of‑bounds memory access, enabling tampering of program data, forced service termination, or leakage of sensitive information. The impact is confined to the virtual GPU environment and the host processes interacting with it, potentially allowing an attacker to disrupt or compromise the integrity of the virtualized graphics workload and the host system.

Affected Systems

NVIDIA Virtual GPU Manager is affected. Specific product or version details are not provided in the CNA data; administrators should confirm that any installed vGPU software is newer than the last known vulnerable release.

Risk and Exploitability

The CVSS score of 5.8 indicates a medium risk level. EPSS data is unavailable, so current exploitation likelihood is unknown. The vulnerability is not listed in CISA's KEV catalog, suggesting no known widespread exploitation. The likely attack vector is inferred to be a local or networked attack that can influence the virtual GPU manager through the graphics driver interface, but the precise conditions are not specified in the advisory.

Generated by OpenCVE AI on May 26, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA vGPU software update that contains the vulnerability fix
  • If a patch is not yet available, block or isolate the untrusted workload from using the virtual GPU manager on the host
  • Implement host‑level isolation or restrict driver access to mitigate the impact of a potential buffer overflow

Generated by OpenCVE AI on May 26, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia virtual Gpu Manager
Vendors & Products Nvidia
Nvidia virtual Gpu Manager

Tue, 26 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Access in NVIDIA Virtual GPU Manager Leading to Data Tampering or Denial of Service

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure.
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H'}

Subscriptions

Nvidia Virtual Gpu Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-27T15:47:19.731Z

Reserved: 2026-01-21T19:09:34.870Z

Link: CVE-2026-24201

cve-icon Vulnrichment

Updated: 2026-05-26T18:35:43.375Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T18:16:39.263

Modified: 2026-06-17T10:22:47.210

Link: CVE-2026-24201

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T20:00:12Z

Weaknesses