First published: Fri Jan 08 2021(Updated: )
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
NVIDIA Virtual GPU Manager | >=8.0<8.6 | |
NVIDIA Virtual GPU Manager | >=11.0<11.3 | |
Citrix Hypervisor | ||
Nutanix Ahv | ||
Redhat Enterprise Linux Kernel-based Virtual Machine | ||
VMware vSphere |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this NVIDIA vGPU manager vulnerability is CVE-2021-1061.
The severity of CVE-2021-1061 is medium with a CVSS score of 6.3.
The affected software for CVE-2021-1061 is NVIDIA Virtual GPU Manager versions 8.x (prior to 8.6) and 11.x (prior to 11.3).
CVE-2021-1061 may lead to denial of service or information disclosure.
To fix CVE-2021-1061, update to NVIDIA Virtual GPU Manager version 8.6 or later for version 8.x, and version 11.3 or later for version 11.x.