CVE-2021-1058

CWE-1284CWE-20Improper Input ValidationCWE-4044 documents4 sources
Severity
7.1HIGH
EPSS
0.1%
top 84.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Virtual GPU ManagerNvidia Nvidia Virtual GPU Software
Timeline
PublishedJan 8
Latest updateJun 19

Description

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5nvidia/nvidia_virtual_gpu_softwareVersion 8.x (prior to 8.6) and version 11.0 (prior to 11.3)
NVDnvidia/virtual_gpu_manager8.08.6+1

🔴Vulnerability Details

2
GHSA
GHSA-78wp-q3w8-4443: NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may2022-05-24
CVEList
CVE-2021-1058: NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may2021-01-08

📋Vendor Advisories

1
Red Hat
kernel: btrfs: fix memory leak in __add_inode_ref()2024-06-19
CVE-2021-1058 (HIGH CVSS 7.1) | NVIDIA vGPU software contains a vul | cvebase.io