Request a Demo
Rewterz
Rewterz Threat Alert – PatchWork APT Group Targeting Pakistan – Active IOCs
November 1, 2021
Rewterz
Rewterz Threat Advisory – Multiple Apache Vulnerabilities
November 2, 2021

Rewterz Threat Advisory – Multiple NVIDIA vGPU Software Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-1119 

NVIDIA vGPU Software could allow a local authenticated attacker to execute arbitrary code on the system, caused by a double-free flaw in the Virtual GPU Manager. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2021-1121 

NVIDIA vGPU software is vulnerable to a denial of service, caused by a flaw in the Virtual GPU Manager kernel driver. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause resource starvation among other vGPUs hosted on the same GPU, and results in a denial of service condition.

CVE-2021-1122 

NVIDIA vGPU software is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the Virtual GPU Manager. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2021-1123 

NVIDIA vGPU software is vulnerable to a denial of service, caused by a deadlock flaw in the Virtual GPU Manager. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2021-1118 

NVIDIA vGPU Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Virtual GPU Manager (vGPU plugin). By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges, obtain sensitive information, perform data tampering, or cause a denial of service condition.

CVE-2021-1120 

NVIDIA vGPU Software could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Virtual GPU Manager. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code, obtain sensitive information, perform data tampering, or cause a denial of service condition.

Impact

  • Code Execution
  • Denial of Service
  • Privilege Escalation

Affected Vendors

NVIDIA

Affected Products

  • NVIDIA vGPU Software 8.8
  • NVIDIA vGPU Software 11.5
  • NVIDIA vGPU Software 12.3
  • NVIDIA vGPU Software 13.0

Remediation

Refer to NVIDIA Advisory for patch, upgrade, or suggested workaround information.

https://nvidia.custhelp.com/app/answers/detail/a_id/5230