CVE-2021-1119

HIGH

NVIDIA vGPU software - Use After Free

Title source: llm

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.

References (1)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5230

Scores

CVSS v3 7.1

EPSS 0.0005

EPSS Percentile 14.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

nvidia/virtual_gpu < 8.9

Timeline

Published Oct 29, 2021

Tracked Since Feb 18, 2026