admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-10xx/CVE-2021-1099.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

141 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-1099",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-07-21T03:15:07.053",
"lastModified": "2021-07-27T17:35:54.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8)."
},
{
"lang": "es",
"value": "El software NVIDIA vGPU contiene una vulnerabilidad en el Virtual GPU Manager (vGPU plugin) que podr\u00eda permitir a un atacante causar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria y poner un gadget ROP personalizado en la pila. Un ataque de este tipo podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n, manipulaci\u00f3n de datos o denegaci\u00f3n de servicio. Esto afecta a las versiones 12.x de vGPU (anteriores a 12.3), versiones 11.x (anteriores a 11.5) y versiones 8.x (anteriores a 8.8)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndExcluding": "8.8",
"matchCriteriaId": "162224F1-1D4D-418C-8039-96EE094F6904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "11.5",
"matchCriteriaId": "F0467257-8AD1-4004-99F1-47C52400099D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.3",
"matchCriteriaId": "0D7337F7-ECD9-4DFA-83E3-B679479691B6"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211",
"source": "psirt@nvidia.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink