| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.4 | $0-$5k | 0.64 |
A vulnerability, which was classified as critical, has been found in NVIDIA Virtual GPU Manager up to 8.7/11.4/12.2. Affected by this issue is an unknown code block of the component Services Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-120. Impacted is confidentiality, integrity, and availability. CVE summarizes:
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. This flaw allows a malicious guest to send a length field that is inconsistent with the actual length of the input, which may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
The weakness was disclosed 07/21/2021. The advisory is available at nvidia.custhelp.com. This vulnerability is handled as CVE-2021-1097 since 11/12/2020. The exploitation is known to be easy. The attack may be launched remotely. The requirement for exploitation is a simple authentication. The technical details are unknown and an exploit is not available.
Upgrading to version 8.8, 11.5 or 12.3 eliminates this vulnerability.
Vendor
Name
VulDB Meta Base Score: 8.8
VulDB Meta Temp Score: 8.4
VulDB Base Score: 8.8
VulDB Temp Score: 8.4
VulDB Vector: 🔒
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Memory corruption
CWE: CWE-120
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: Virtual GPU Manager 8.8/11.5/12.3
11/12/2020 CVE assigned
07/21/2021 Advisory disclosed
07/21/2021 VulDB entry created
07/26/2021 VulDB last updateVendor: https://www.nvidia.com/
Advisory: nvidia.custhelp.com
Status: Confirmed
Confirmation: 🔒
CVE: CVE-2021-1097 (🔒)
Created: 07/21/2021 11:39
Updated: 07/26/2021 01:57
Changes: (1) source_cve_cna
Complete: 🔍
Check our Alexa App!
