CVE-2021-1120

EPSS 0.05%
Published 29.10.2021 20:15:08
Last modified 21.11.2024 05:43:38
Source psirt@nvidia.com
Teams watchlist Login
Open Login

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Nvidia ≫ Virtual Gpu Version >= 8.0 < 8.9

Nvidia ≫ Virtual Gpu Version >= 11.0 < 11.6

Nvidia ≫ Virtual Gpu Version >= 12.0 < 12.4

Nvidia ≫ Virtual Gpu Version >= 13.0 < 13.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.14

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@nvidia.com	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-170 Improper Null Termination

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

https://nvidia.custhelp.com/app/answers/detail/a_id/5230

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1120

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1120

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1120

EUVD