Description
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/5230
Scores
CVSS v3
7.0
EPSS
0.0005
EPSS Percentile
14.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-170
Status
published
Products (1)
nvidia/virtual_gpu
8.0 - 8.9
Published
Oct 29, 2021
Tracked Since
Feb 18, 2026