CVE-2021-1061 - Vulnerability Details

Vendors	Products
Citrix	Hypervisor
Nutanix	Ahv
Nvidia	Virtual Gpu Manager
Redhat	Enterprise Linux Kernel-based Virtual Machine
Vmware	Vsphere

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "NVIDIA Virtual GPU Manager", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "Version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)."}], "problemTypes": [{"descriptions": [{"description": "denial of service or information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-08T15:05:30", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1061", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA Virtual GPU Manager", "version": {"version_data": [{"version_value": "Version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "denial of service or information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:55:18.487Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}]}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1061", "datePublished": "2021-01-08T15:05:30", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.487Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : NVIDIA Virtual GPU Manager (string)

vendor : NVIDIA (string)

versions : [ »

0 : { »

status : affected (string)

version : Version 8.x (prior to 8.6) and version 11.0 (prior to 11.3) (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : denial of service or information disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-01-08T15:05:30 (string)

orgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

shortName : nvidia (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@nvidia.com (string)

ID : CVE-2021-1061 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : NVIDIA Virtual GPU Manager (string)

version : { »

version_data : [ »

0 : { »

version_value : Version 8.x (prior to 8.6) and version 11.0 (prior to 11.3) (string)

}

]

}

]

}

vendor_name : NVIDIA (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : denial of service or information disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

refsource : CONFIRM (string)

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T15:55:18.487Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

assignerShortName : nvidia (string)

cveId : CVE-2021-1061 (string)

datePublished : 2021-01-08T15:05:30 (string)

dateReserved : 2020-11-12T00:00:00 (string)

dateUpdated : 2024-08-03T15:55:18.487Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DA97A67-954D-4736-8E12-4297A2800942", "versionEndExcluding": "8.6", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6394FDD5-DFFC-4F30-AD8B-BECF8889E829", "versionEndExcluding": "11.3", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false}, {"criteria": "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*", "matchCriteriaId": "A64905FE-AC41-4804-9F9F-0B24E7323590", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false}, {"criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)."}, {"lang": "es", "value": "El administrador de NVIDIA vGPU contiene una vulnerabilidad en el plugin vGPU, en la que una condici\u00f3n de carrera puede causar que el plugin vGPU contin\u00fae usando un recurso previamente comprobado que ha cambiado desde entonces, lo que puede conllevar a una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n.&#xa0;Esto afecta a vGPU versiones 8.x (anteriores a 8.6) y versiones 11.0 (anteriores a 11.3)"}], "id": "CVE-2021-1061", "lastModified": "2024-11-21T05:43:31.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-08T15:15:12.280", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0DA97A67-954D-4736-8E12-4297A2800942 (string)

versionEndExcluding : 8.6 (string)

versionStartIncluding : 8.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6394FDD5-DFFC-4F30-AD8B-BECF8889E829 (string)

versionEndExcluding : 11.3 (string)

versionStartIncluding : 11.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F7AE5C32-E060-44BA-8C13-3D73204191EE (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A64905FE-AC41-4804-9F9F-0B24E7323590 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 06C8B1C5-6401-45F9-8D3E-47E32067F428 (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8E4A22C5-B3E1-4106-997C-D1C845F2C1EE (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). (string)

}

1 : { »

lang : es (string)

value : El administrador de NVIDIA vGPU contiene una vulnerabilidad en el plugin vGPU, en la que una condición de carrera puede causar que el plugin vGPU continúe usando un recurso previamente comprobado que ha cambiado desde entonces, lo que puede conllevar a una denegación de servicio o una divulgación de información. Esto afecta a vGPU versiones 8.x (anteriores a 8.6) y versiones 11.0 (anteriores a 11.3) (string)

}

]

id : CVE-2021-1061 (string)

lastModified : 2024-11-21T05:43:31.127 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 3.3 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:M/Au:N/C:P/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.4 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1 (number)

impactScore : 5.2 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-01-08T15:15:12.280 (string)

references : [ »

0 : { »

source : psirt@nvidia.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

]

sourceIdentifier : psirt@nvidia.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-362 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object