CVE-2021-1120

EPSS 0.05%
Veröffentlicht 29.10.2021 20:15:08
Zuletzt bearbeitet 21.11.2024 05:43:38
Quelle psirt@nvidia.com
Teams Watchlist Login
Unerledigt Login

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nvidia ≫ Virtual Gpu Version >= 8.0 < 8.9

Nvidia ≫ Virtual Gpu Version >= 11.0 < 11.6

Nvidia ≫ Virtual Gpu Version >= 12.0 < 12.4

Nvidia ≫ Virtual Gpu Version >= 13.0 < 13.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.14

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@nvidia.com	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-170 Improper Null Termination

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

https://nvidia.custhelp.com/app/answers/detail/a_id/5230

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1120

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1120

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1120

EUVD