Vulnerability Details : CVE-2021-1085
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and information disclosure but attacker doesn't have control over what information is obtained. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
Vulnerability category: Input validationDenial of serviceInformation leak
Products affected by CVE-2021-1085
- cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-1085
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-1085
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
|
7.3
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
1.8
|
5.5
|
NIST | |
|
7.3
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
1.8
|
5.5
|
NVIDIA Corporation |
CWE ids for CVE-2021-1085
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-1085
-
https://nvidia.custhelp.com/app/answers/detail/a_id/5172
Security Bulletin: NVIDIA GPU Display Driver - April 2021 | NVIDIAVendor Advisory
Jump to