CVE-2021-1118
29.10.2021, 20:15
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of serviceEnginsight
| Vendor | Product | Version |
|---|---|---|
| nvidia | virtual_gpu | 8.0 ≤ 𝑥 < 8.9 |
| nvidia | virtual_gpu | 11.0 ≤ 𝑥 < 11.6 |
| nvidia | virtual_gpu | 12.0 ≤ 𝑥 < 12.4 |
| nvidia | virtual_gpu | 13.0 ≤ 𝑥 < 13.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-250 - Execution with Unnecessary PrivilegesThe software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.