CVE-2021-1100

CWE-1100CWE-78OS Command Injection6 documents6 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 86.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Virtual GPUNvidia Nvidia Virtual GPU Software
Timeline
PublishedJul 21
Latest updateMay 24

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

CVEListV5nvidia/nvidia_virtual_gpu_softwarevGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
NVDnvidia/virtual_gpu8.08.8+2

Patches

Patch: nvidia.custhelp.comPatch: nvidia.custhelp.com

🔴Vulnerability Details

3
GHSA
GHSA-qp98-xmvw-85jp: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia2022-05-24
CVEList
CVE-2021-1100: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia2021-07-21
GHSA
Improper network isolation in Hashicorp Nomad2021-06-24

💥Exploits & PoCs

1
Exploit-DB
Zyxel NWA-1100-NH - Command Injection2022-04-19

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability2021-03-24
CVE-2021-1100 (MEDIUM CVSS 5.5) | NVIDIA vGPU software contains a vul | cvebase.io