NVIDIA Virtual Gpu Manager

CVE-2025-33220: Heap Use-After-Free in NVIDIA Virtual GPU Manager
CVE-2025-33220 7.8 - High - January 28, 2026

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Dangling pointer

NVIDIA Display Driver Kernel Module Integer Overflow
CVE-2025-33219 7.8 - High - January 28, 2026

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Integer Overflow or Wraparound

NVIDIA vGPU VMM Uninitialized Pointer Access CVE-2025-23352
CVE-2025-23352 7.8 - High - October 23, 2025

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Access of Uninitialized Pointer

CVE-2025-23332: NVIDIA Linux Driver Kernel Mod Nullptr Deref DoS
CVE-2025-23332 5 - Medium - October 23, 2025

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer deference. A successful exploit of this vulnerability might lead to denial of service.

NULL Pointer Dereference

NVIDIA Linux Kernel Driver DoS via NPE
CVE-2025-23300 5.5 - Medium - October 23, 2025

NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service.

NULL Pointer Dereference

NVIDIA Linux Display Driver Race Condition PrivEsc
CVE-2025-23282 7 - High - October 10, 2025

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Double-free

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can lead to floating point exceptions
CVE-2021-1102 5.5 - Medium - July 21, 2021

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can lead to floating point exceptions, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer
CVE-2021-1101 5.5 - Medium - July 21, 2021

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in
CVE-2021-1100 6.2 - Medium - July 21, 2021

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in
CVE-2021-1066 - January 08, 2021

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it
CVE-2021-1057 - January 08, 2021

NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in
CVE-2021-1059 - January 08, 2021

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource
CVE-2021-1061 - January 08, 2021

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in
CVE-2021-1062 - January 08, 2021

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in
CVE-2021-1063 - January 08, 2021

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value
CVE-2021-1064 - January 08, 2021

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in
CVE-2021-1065 - January 08, 2021

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in
CVE-2020-5988 7.1 - High - October 02, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Dangling pointer

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in
CVE-2020-5989 5.5 - Medium - October 02, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

NULL Pointer Dereference

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in
CVE-2020-5987 7.8 - High - October 02, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Insufficient Cleanup

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in
CVE-2020-5986 5.5 - Medium - October 02, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Improper Input Validation

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in
CVE-2020-5985 7.1 - High - October 02, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Improper Input Validation

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in
CVE-2020-5984 7.8 - High - October 02, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Dangling pointer

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location
CVE-2020-5983 7.1 - High - October 02, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Memory Corruption

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in
CVE-2020-5979 7.8 - High - October 02, 2020

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges.

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in
CVE-2020-5980 7.8 - High - October 02, 2020

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service.

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in
CVE-2020-5981 7.8 - High - October 02, 2020

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution.

Memory Corruption

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions
CVE-2020-5982 4.4 - Medium - October 02, 2020

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service.

Allocation of Resources Without Limits or Throttling

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in
CVE-2020-5972 7.1 - High - June 30, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Release of Invalid Pointer or Reference

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers
CVE-2020-5971 7.8 - High - June 30, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Out-of-bounds Read

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in
CVE-2020-5970 7.1 - High - June 30, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Improper Input Validation

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in
CVE-2020-5969 6.3 - Medium - June 30, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Race Condition

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource
CVE-2020-5968 7.8 - High - June 30, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Buffer Overflow

NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur
CVE-2020-5960 5.5 - Medium - March 12, 2020

NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service.

NULL Pointer Dereference

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in
CVE-2020-5959 5.5 - Medium - March 12, 2020

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service.

Improper Input Validation

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in
CVE-2019-5696 5.5 - Medium - November 09, 2019

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service.

Incorrect Calculation of Buffer Size

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in
CVE-2019-5698 4.4 - Medium - November 09, 2019

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service.

out-of-bounds array index

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory
CVE-2019-5697 7.1 - High - November 09, 2019

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service.