CVE-2021-1084

Published Apr 29, 2021

Last updated 3 years ago

Overview

Description: NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).
Source: psirt@nvidia.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428"
          },
          {
            "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "307BA20A-8302-4D50-850C-F78779FE47D5",
            "versionEndExcluding": "11.4",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "762561CE-9DB3-4100-BB92-ED35B267FB30",
            "versionEndExcluding": "12.2",
            "versionStartIncluding": "12.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References