2021-1097 | NVIDIA Virtual GPU Manager Services buffer overflow
|CVSS Meta Temp Score||Current Exploit Price (≈)||CTI Interest Score|
A vulnerability, which was classified as critical, has been found in NVIDIA Virtual GPU Manager up to 8.7/11.4/12.2. Affected by this issue is an unknown code block of the component Services Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-120. Impacted is confidentiality, integrity, and availability. CVE summarizes:
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. This flaw allows a malicious guest to send a length field that is inconsistent with the actual length of the input, which may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
The weakness was disclosed 07/21/2021. The advisory is available at nvidia.custhelp.com. This vulnerability is handled as CVE-2021-1097 since 11/12/2020. The exploitation is known to be easy. The attack may be launched remotely. The requirement for exploitation is a simple authentication. The technical details are unknown and an exploit is not available.
Upgrading to version 8.8, 11.5 or 12.3 eliminates this vulnerability.
VulDB Meta Base Score: 8.8
VulDB Meta Temp Score: 8.4
VulDB Base Score: 8.8
VulDB Temp Score: 8.4
VulDB Vector: 🔒
VulDB Reliability: 🔍
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Memory corruption
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Upgrade
0-Day Time: 🔒
Upgrade: Virtual GPU Manager 8.8/11.5/12.3
11/12/2020 CVE assigned
07/21/2021 +250 days Advisory disclosed
07/21/2021 +0 days VulDB entry created
07/26/2021 +4 days VulDB last updateVendor: https://www.nvidia.com/
CVE: CVE-2021-1097 (🔒)
Created: 07/21/2021 11:39
Updated: 07/26/2021 01:57
Changes: (1) source_cve_cna
Check our Alexa App!