Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2021-1085

Published

2 years ago

Last Modified

2 years ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

High

Impact Analysis

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and information disclosure but attacker doesn't have control over what information is obtained. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7)..

CVSSv2.0 Score

Severity: Medium
Base Score: 4.6/10
Exploit Score: 3.9/10
Access Vector: Local
Access Complexity: Low
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

CVSSv3.1 Score

Severity: High
Base Score: 7.3/10
Exploit Score: 1.8/10
Access Vector: Local
Access Complexity: Low
Privileges Required: Low
Impact Score: 5.5/10
Confidentiality Impact: Low
Availability Impact: High
Integrity Impact: High
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:nvidia:virtual_gpu_manager::::::::	Yes	8.0	8.7
cpe:2.3:o:citrix:hypervisor:-:::::::*	No		-
cpe:2.3:o:nutanix:ahv:-:::::::*	No		-
cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machi	No		-
cpe:2.3:o:vmware:vsphere:-:::::::*	No		-
cpe:2.3:a:nvidia:virtual_gpu_manager::::::::	Yes	11.0	11.4
cpe:2.3:a:nvidia:virtual_gpu_manager::::::::	Yes	12.0	12.2
cpe:2.3:o:citrix:hypervisor:-:::::::*	No		-
cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machi	No		-
cpe:2.3:o:vmware:vsphere:-:::::::*	No		-

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5172