CVE-2021-1061

MEDIUM

NVIDIA vGPU <8.6-11.3 - Info Disclosure

Title source: llm

Description

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

References (1)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

Classification

CWE

CWE-362

Status published

Affected Products (1)

nvidia/virtual_gpu_manager < 8.6

Timeline

Published Jan 08, 2021

Tracked Since Feb 18, 2026