CVE-2021-1061

Published Jan 8, 2021

Last updated 4 years ago

Overview

Description: NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
Source: psirt@nvidia.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.3
Impact score: 5.2
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.3
Impact score: 4.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-362

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DA97A67-954D-4736-8E12-4297A2800942",
            "versionEndExcluding": "8.6",
            "versionStartIncluding": "8.0"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6394FDD5-DFFC-4F30-AD8B-BECF8889E829",
            "versionEndExcluding": "11.3",
            "versionStartIncluding": "11.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE"
          },
          {
            "criteria": "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A64905FE-AC41-4804-9F9F-0B24E7323590"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428"
          },
          {
            "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References