CVE-2021-1120 HIGH

CVE-2021-1120

Vendor Nvidia
Product NVIDIA Virtual GPU Software
Weakness CWE-170
Published October 29, 2021
Last update August 3, 2024

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.

Key dates

02Disclosure timeline

October 29, 2021 CVE published
August 3, 2024 Record updated