CVE-2021-1057

7.8 HIGH

📋 TL;DR

A vulnerability in NVIDIA vGPU Manager allows guest virtual machines to allocate resources they are not authorized to use, potentially leading to data breaches, denial of service, or information disclosure. This affects organizations using NVIDIA vGPU technology for virtualization. The vulnerability impacts vGPU versions 8.x before 8.6 and 11.0 before 11.3.

💻 Affected Systems

Products:
  • NVIDIA Virtual GPU Manager
  • NVIDIA vGPU plugin
Versions: vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3)
Operating Systems: Linux (vGPU host systems)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using NVIDIA vGPU technology for GPU virtualization. Requires NVIDIA vGPU license and compatible hardware.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of host system integrity and confidentiality, allowing guest VMs to access unauthorized host resources, potentially leading to data exfiltration or complete system takeover.

🟠 Likely Case

Guest VMs gaining unauthorized access to host resources, potentially causing denial of service through resource exhaustion or accessing sensitive information from other VMs.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, though the vulnerability still exists at the hypervisor level.

🌐 Internet-Facing: LOW - This vulnerability requires access to the virtualization infrastructure, which is typically not directly internet-facing.
🏢 Internal Only: HIGH - Critical risk for internal virtualization environments where attackers with guest VM access can escalate privileges to the host level.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires guest VM access and knowledge of vGPU resource allocation mechanisms. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: vGPU version 8.6 or later, vGPU version 11.3 or later

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Restart Required: Yes

Instructions:

1. Download updated vGPU software from NVIDIA portal.
2. Stop all VMs using vGPU.
3. Update vGPU manager on host.
4. Update vGPU drivers in guest VMs.
5. Restart host system and VMs.

🔧 Temporary Workarounds

Isolate vGPU-enabled VMs (platform: all)

Segment vGPU-enabled virtual machines onto separate hosts or networks to limit potential lateral movement.

Restrict vGPU resource allocation (platform: linux)

Implement strict resource quotas and monitoring for vGPU allocations to detect anomalous behavior.

🧯 If You Can't Patch

  • Isolate affected vGPU hosts from critical networks and implement strict network segmentation
  • Implement enhanced monitoring for unusual vGPU resource allocation patterns and guest VM behavior

🔍 How to Verify

Check if Vulnerable:

Check vGPU version on host: cat /proc/driver/nvidia/version | grep vGPU

Check Version:

cat /proc/driver/nvidia/version | grep vGPU

Verify Fix Applied:

Verify vGPU version is 8.6+ or 11.3+ and check that no unauthorized resource allocation is occurring
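
Added example (not from NVIDIA or the original page): a POSIX shell helper that classifies a vGPU software release against the ranges listed above, comparing major and minor numerically so that a release such as 8.10 is not mistaken for being older than 8.6. The name vgpu_status is hypothetical, the release string is assumed to be supplied by the operator in MAJOR.MINOR form, and "11.0 (prior to 11.3)" is read as 11.x releases below 11.3.

```shell
#!/bin/sh
# Added example: classify a vGPU software release (MAJOR.MINOR) against
# the affected ranges on this page: 8.x before 8.6, 11.x before 11.3.
# vgpu_status is a hypothetical helper name, not an NVIDIA tool.

vgpu_status() {
    ver=$1

    # Accept exactly MAJOR.MINOR made of digits; reject anything else
    # (empty input, letters, extra dots, leading zero in the major part).
    case $ver in
        ''|*[!0-9.]*|*.*.*|.*|*.|0[0-9]*) echo invalid; return 0 ;;
        *.*) ;;
        *) echo invalid; return 0 ;;
    esac

    major=${ver%%.*}
    minor=${ver#*.}

    # First fixed minor release for each branch the page lists.
    case $major in
        8)  fixed_minor=6 ;;
        11) fixed_minor=3 ;;
        *)  echo not-listed; return 0 ;;   # branch not covered by this page
    esac

    # Numeric comparison: 8.10 is newer than 8.6, unlike a string compare.
    if [ "$minor" -lt "$fixed_minor" ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Constructed sample releases, for illustration only.
for v in 8.5 8.6 8.10 11.0 11.2 11.3 10.4; do
    printf '%-6s %s\n' "$v" "$(vgpu_status "$v")"
done
```

A result of not-listed means only that this page gives no range for that branch; consult the vendor advisory for it.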

📡 Detection & Monitoring

Log Indicators:

  • Unusual vGPU resource allocation patterns in /var/log/nvidia-vgpu-mgr.log
  • Guest VM attempting to allocate resources beyond configured limits

Network Indicators:

  • Unusual network traffic from vGPU-enabled VMs to other hosts
  • Resource exhaustion alerts from virtualization platform

SIEM Query:

source="nvidia-vgpu-mgr.log" AND ("resource allocation" OR "unauthorized access")
