Description
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/5172
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
16.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
nvidia/virtual_gpu_manager
8.0 - 8.7
Published
Apr 29, 2021
Tracked Since
Feb 18, 2026