CVE-2021-1087

Published Apr 29, 2021

Last updated 2 years ago

Overview

Description: NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
Source: psirt@nvidia.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3797FFB1-321C-4264-B6FA-B69F598BFC15",
            "versionEndExcluding": "8.7",
            "versionStartIncluding": "8.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE"
          },
          {
            "criteria": "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A64905FE-AC41-4804-9F9F-0B24E7323590"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428"
          },
          {
            "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "307BA20A-8302-4D50-850C-F78779FE47D5",
            "versionEndExcluding": "11.4",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "762561CE-9DB3-4100-BB92-ED35B267FB30",
            "versionEndExcluding": "12.2",
            "versionStartIncluding": "12.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428"
          },
          {
            "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References