CVE-2021-1098
CVE-2021-1098
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
21 Jul 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. This flaw allows a malicious guest to perform operations by reusing those resources, which may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
NVIDIA · NVIDIA Virtual GPU SoftwareWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →