CVE Vulnerabilities

CVE-2021-1119

Double Free

Published: Oct 29, 2021 | Modified: Nov 02, 2021
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS 2.x
3.6 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Virtual_gpu Nvidia 8.0 (including) 8.9 (excluding)
Virtual_gpu Nvidia 11.0 (including) 11.6 (excluding)
Virtual_gpu Nvidia 12.0 (including) 12.4 (excluding)
Virtual_gpu Nvidia 13.0 (including) 13.1 (excluding)

Potential Mitigations

References