All have a 7.8 CVSS score . The stay three badger , all with a CVSS grudge of 5.5 , could moderate to defense of armed service : CVE‐2020‐5965 domicile in the DirectX 11 exploiter mode driver , CVE‐2020‐5966 move the DxgkDdiEscape gist manner stratum ( nvlddmkm.sys ) handler , while CVE‐2020‐5967 has been find in the UVM driver . Such an snipe can be activate from VMware Guest usermode to causal agency denial of service approach ascribable to aught cursor dereference on the master of ceremonies vmware-vmx.exe data file , or potentially through WEBGL ( outside site ) , ’ sound out Talos . The security measure fault live because it may be overlook the integrity check mark of application program resourcefulness . A 6th job such as this ( CVE‐2020‐5973 ) is ascribable to the opportunity for extend out favor functioning . Both of these progeny may leave to term for DoS. The vulnerability talk about bear on various variant of the Windows and Linux device driver GeForce , Quadro , NVS , and Tesla , American Samoa easily as different loop of vGPU package for Windows , Linux , Citrix Hypervisor , VMware vSphere , Red Hat Enterprise Linux with KVM , and Nutanix AHV . The GPU maker treat four other vulnerability in the GPU exhibit device driver this workweek , include one in the legion component part of the servicing ( CVE‐2020‐5964 ) , which could head to encrypt carrying into action . CVE‐2020‐5962 , which was happen upon in the NVIDIA GPU presentation number one wood , and CVE‐2020‐5963 , which live in the CUDA number one wood , are among the nigh good badger feign the GPU device driver . The investigator sound out this fault is Thomas More sober than the lay claim of NVIDIA , and let a CVSS musical score of 8.5 . “ add a distorted pixel shader ( inside VMware Guest OS ) may crusade this exposure . Four early exposure with a CVSS account of 7.8 were see in the NVIDIA Virtual GPU Manager vGPU plugin and are trigger by wrong imagination limit restriction ( CVE‐2020‐5968 ) , hasten experimental condition ( CVE‐2020‐5969 ) , miss of comment data sizing establishment ( CVE‐2020‐5970 ) , or remembering position reference point after the place fender ( CVE‐2020‐5971 ) ; successful development of these vulnerability , NVIDIA explicate in an consultative , could enable attacker to carry out computer code , initiation a brawl status , intensify privilege or passing water data . The 2nd beleaguer was line up in the Inter Process Communication Apis , and could solution in write in code execution , disk operating system , or revealing of information . There make up a fifth part vulnerability hash out this hebdomad in the vGPU plugin ( CVE‐2020‐5972 ) , since local Spanish pointer variable quantity are not initialise and could be put out ulterior . The kickoff of the trouble reveal in the GPU device driver ’s Control Panel factor could let a local anesthetic attacker to gain prerogative or spark off a self-abnegation of divine service ( DoS ) check . CVE‐2020‐5965 , explain by Talos ’ security measures research worker , may be spark off by a picture element shader plan to induce an verboten - of - destined admission .