CVE-2021-1120

CWE-1703 documents3 sources
Severity
7.0HIGH
EPSS
0.0%
top 85.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Virtual GPUNvidia Nvidia Virtual GPU Software
Timeline
PublishedOct 29
Latest updateMay 24

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

CVEListV5nvidia/nvidia_virtual_gpu_softwarevGPU version 13.x (prior to 13.1), 12.x (prior to 12.4), version 11.x (prior to 11.6) and version 8.x (prior 8.9).
NVDnvidia/virtual_gpu8.08.9+3

🔴Vulnerability Details

2
GHSA
GHSA-jfx5-hxw2-q274: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly nu2022-05-24
CVEList
CVE-2021-1120: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly nu2021-10-29
CVE-2021-1120 (HIGH CVSS 7) | NVIDIA vGPU software contains a vul | cvebase.io