CVE-2021-1120

Summary

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA Virtual GPU SoftwarevGPU version 13.x (prior to 13.1), 12.x (prior to 12.4), version 11.x (prior to 11.6) and version 8.x (prior 8.9).affected

Weaknesses

  • CWE-170: CWE-170: Improper Null Termination

ADP Enrichment

CVE Program Container

Additional References

References