CVE-2021-1057 - Vulnerability Details

Vendors	Products
Citrix	Hypervisor
Nutanix	Ahv
Nvidia	Virtual Gpu Manager
Redhat	Enterprise Linux Kernel-based Virtual Machine
Vmware	Vsphere

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "NVIDIA Virtual GPU Manager", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "Version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)."}], "problemTypes": [{"descriptions": [{"description": "integrity and confidentiality loss, denial of service, or information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-08T15:05:27", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1057", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA Virtual GPU Manager", "version": {"version_data": [{"version_value": "Version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "integrity and confidentiality loss, denial of service, or information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:55:18.468Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}]}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1057", "datePublished": "2021-01-08T15:05:27", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.468Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : NVIDIA Virtual GPU Manager (string)

vendor : NVIDIA (string)

versions : [ »

0 : { »

status : affected (string)

version : Version 8.x (prior to 8.6) and version 11.0 (prior to 11.3) (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : integrity and confidentiality loss, denial of service, or information disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-01-08T15:05:27 (string)

orgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

shortName : nvidia (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@nvidia.com (string)

ID : CVE-2021-1057 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : NVIDIA Virtual GPU Manager (string)

version : { »

version_data : [ »

0 : { »

version_value : Version 8.x (prior to 8.6) and version 11.0 (prior to 11.3) (string)

}

]

}

]

}

vendor_name : NVIDIA (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : integrity and confidentiality loss, denial of service, or information disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

refsource : CONFIRM (string)

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T15:55:18.468Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

assignerShortName : nvidia (string)

cveId : CVE-2021-1057 (string)

datePublished : 2021-01-08T15:05:27 (string)

dateReserved : 2020-11-12T00:00:00 (string)

dateUpdated : 2024-08-03T15:55:18.468Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DA97A67-954D-4736-8E12-4297A2800942", "versionEndExcluding": "8.6", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6394FDD5-DFFC-4F30-AD8B-BECF8889E829", "versionEndExcluding": "11.3", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false}, {"criteria": "cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:*", "matchCriteriaId": "A64905FE-AC41-4804-9F9F-0B24E7323590", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false}, {"criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)."}, {"lang": "es", "value": "NVIDIA Virtual GPU Manager NVIDIA vGPU Manager contiene una vulnerabilidad en el plugin vGPU en la que permite a los invitados asignar algunos recursos para los cuales el invitado no est\u00e1 autorizado, el cual puede conllevar a una p\u00e9rdida de la integridad y la confidencialidad, una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n.&#xa0;Esto afecta a vGPU versiones 8.x (anteriores a 8.6) y versiones 11.0 (anteriores a 11.3)"}], "id": "CVE-2021-1057", "lastModified": "2024-11-21T05:43:28.653", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-08T15:15:12.000", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0DA97A67-954D-4736-8E12-4297A2800942 (string)

versionEndExcluding : 8.6 (string)

versionStartIncluding : 8.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:nvidia:virtual_gpu_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6394FDD5-DFFC-4F30-AD8B-BECF8889E829 (string)

versionEndExcluding : 11.3 (string)

versionStartIncluding : 11.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F7AE5C32-E060-44BA-8C13-3D73204191EE (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:o:nutanix:ahv:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A64905FE-AC41-4804-9F9F-0B24E7323590 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 06C8B1C5-6401-45F9-8D3E-47E32067F428 (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8E4A22C5-B3E1-4106-997C-D1C845F2C1EE (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). (string)

}

1 : { »

lang : es (string)

value : NVIDIA Virtual GPU Manager NVIDIA vGPU Manager contiene una vulnerabilidad en el plugin vGPU en la que permite a los invitados asignar algunos recursos para los cuales el invitado no está autorizado, el cual puede conllevar a una pérdida de la integridad y la confidencialidad, una denegación de servicio o una divulgación de información. Esto afecta a vGPU versiones 8.x (anteriores a 8.6) y versiones 11.0 (anteriores a 11.3) (string)

}

]

id : CVE-2021-1057 (string)

lastModified : 2024-11-21T05:43:28.653 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-01-08T15:15:12.000 (string)

references : [ »

0 : { »

source : psirt@nvidia.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

]

sourceIdentifier : psirt@nvidia.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-770 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object