CVE-2021-1086

Published: Apr 29, 2021Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

Affected (3)

Products: Nvidia: Virtual Gpu Manager

1 product

Virtual Gpu Manager

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nvidia Virtual Gpu Manager	From 8.0 to 8.7

Running on/with	Platform Versions
Nutanix Ahv	All versions

Configuration B

2 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Nvidia Virtual Gpu Manager	From 11.0 to 11.4
Nvidia Virtual Gpu Manager	From 12.0 to 12.2

Running on/with	Platform Versions
Citrix Hypervisor	All versions
Redhat Enterprise Linux Kernel Based Virtual Machine	All versions
Vmware Vsphere	All versions

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5172

Source: psirt@nvidia.com

Vendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5172

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.