CVE-2021-1063

Summary

CVE	CVE-2021-1063
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-01-08 15:15:00 UTC
Updated	2021-01-11 20:55:00 UTC
Description	NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Citrix	Hypervisor	-	All	All	All
Operating System	Citrix	Hypervisor	-	All	All	All
Operating System	Citrix	Hypervisor	-	All	All	All
Operating System	Nutanix	Ahv	-	All	All	All
Operating System	Nutanix	Ahv	-	All	All	All
Operating System	Nutanix	Ahv	-	All	All	All
Application	Nvidia	Virtual Gpu Manager	All	All	All	All
Application	Nvidia	Virtual Gpu Manager	All	All	All	All
Operating System	Redhat	Enterprise Linux Kernel-based Virtual Machine	-	All	All	All
Operating System	Redhat	Enterprise Linux Kernel-based Virtual Machine	-	All	All	All
Operating System	Redhat	Enterprise Linux Kernel-based Virtual Machine	-	All	All	All
Operating System	Vmware	Vsphere	-	All	All	All
Operating System	Vmware	Vsphere	-	All	All	All
Operating System	Vmware	Vsphere	-	All	All	All

References

Reference	Source	Link	Tags
Security Bulletin: NVIDIA GPU Display Driver - January 2021 \| NVIDIA	CONFIRM	nvidia.custhelp.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.