How severe is CVE-2021-1098?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2021-1098?

This is classified as CWE-404, which is a common weakness in software security.

CVE-2021-1098 - HIGH Severity | CVSS 7.8

Vulnerability Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. This flaw allows a malicious guest to perform operations by reusing those resources, which may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

Related Vulnerabilities

CVE-2017-0769

HIGH

CVSS:7.8(High)

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122.

CWE-4042017

CVE-2017-11016

HIGH

CVSS:7.8(High)

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stal...

CWE-4042017

CVE-2018-6592

HIGH

CVSS:7.8(High)

Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage.

CWE-4042018

CVE-2018-8164

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows ...

CWE-4042018

CVE-2018-8165

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability...

CWE-4042018

CVE-2018-8210

HIGH

CVSS:7.8(High)

A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, ...

CWE-4042018