CVE-2021-1062
Published Jan 8, 2021
Last updated a year ago
Overview
- Description
- NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
- Source
- psirt@nvidia.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 3.6
- Impact score
- 4.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-1284
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DA97A67-954D-4736-8E12-4297A2800942",
"versionEndExcluding": "8.6",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6394FDD5-DFFC-4F30-AD8B-BECF8889E829",
"versionEndExcluding": "11.3",
"versionStartIncluding": "11.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE"
},
{
"criteria": "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A64905FE-AC41-4804-9F9F-0B24E7323590"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428"
},
{
"criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]