Detections
Analytics

NVIDIA Virtual GPU Manager Multiple Vulnerabilities (May 2026)

high Nessus Plugin ID 316512

Synopsis

A GPU virtualization application installed on the remote host is affected by multiple vulnerabilities.

Description

The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following:

 - A vulnerability exists where an attacker could leak held driver locks, potentially leading to denial of service. (CVE-2026-24182, CVE-2026-24199)

 - A vulnerability exists where an attacker could cause a use-after-free, potentially leading to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. (CVE-2026-24187)

 - A vulnerability exists where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. Successful exploit of this vulnerability could potentially lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. (CVE-2026-24192)

 - A vulnerability exists in Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. Successful exploit of this vulnerability could potentially lead to denial of service. (CVE-2026-24197)

 - A vulnerability exists in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory, potentially leading to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. (CVE-2026-24200)

 - A vulnerability exists in the virtual GPU manager, where an attacker could cause an out-of-bounds access, potentially leading to data tampering, denial of service, or information disclosure. (CVE-2026-24201)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the NVIDIA vGPU Manager software in accordance with the vendor advisory.

See Also

http://www.nessus.org/u?6204496e

Plugin Details

Severity: High

ID: 316512

File Name: nvidia_vgpu_2026_5.nasl

Version: 1.1

Type: Local

Agent: unix

Family: Misc.

Published: 5/22/2026

Updated: 5/22/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-24187

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:nvidia:virtual_gpu_manager

Required KB Items: installed_sw/NVIDIA Virtual GPU Manager

Patch Publication Date: 5/19/2026

Vulnerability Publication Date: 5/19/2026

Reference Information

CVE: CVE-2026-24182, CVE-2026-24187, CVE-2026-24192, CVE-2026-24197, CVE-2026-24199, CVE-2026-24200, CVE-2026-24201

IAVA: 2026-A-0493