CVE-2021-1120 Information

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability which may lead to information disclosure data tampering unauthorized code execution and denial of service.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://nvidia.custhelp.com/app/answers/detail/a_id/5230

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.0