CVE-2021-1118

EPSS 0.11%
Veröffentlicht 29.10.2021 20:15:08
Zuletzt bearbeitet 21.11.2024 05:43:37
Quelle psirt@nvidia.com
CVE-Watchlists
Login
Unerledigt
Login

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nvidia ≫ Virtual Gpu Version >= 8.0 < 8.9

Nvidia ≫ Virtual Gpu Version >= 11.0 < 11.6

Nvidia ≫ Virtual Gpu Version >= 12.0 < 12.4

Nvidia ≫ Virtual Gpu Version >= 13.0 < 13.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.301

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@nvidia.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://nvidia.custhelp.com/app/answers/detail/a_id/5230

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1118

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1118

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1118

EUVD