PT-2021-13487 · Nvidia · Nvidia Vgpu
Published
2021-07-21
·
Updated
2021-07-30
·
CVE-2021-1097
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NVIDIA vGPU software versions prior to 12.3
NVIDIA vGPU software versions prior to 11.5
NVIDIA vGPU software versions prior to 8.8
Description
The Virtual GPU Manager (vGPU plugin) in NVIDIA vGPU software contains a flaw where it improperly validates the length field in a request from a guest. This allows a malicious guest to send a length field that is inconsistent with the actual length of the input, potentially leading to information disclosure, data tampering, or denial of service.
Recommendations
For versions prior to 12.3, update to version 12.3 or later to resolve the issue.
For versions prior to 11.5, update to version 11.5 or later to resolve the issue.
For versions prior to 8.8, update to version 8.8 or later to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nvidia Vgpu