7.8

CVE-2021-1082

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7)

Data is provided by the National Vulnerability Database (NVD)
NvidiaVirtual Gpu Manager Version >= 8.0 < 8.7
   CitrixHypervisor Version-
   NutanixAhv Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Manager Version >= 11.0 < 11.4
   CitrixHypervisor Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Manager Version >= 12.0 < 12.2
   CitrixHypervisor Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.137
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@nvidia.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.