### [CVE-2021-1063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1063)
![](https://img.shields.io/static/v1?label=Product&message=NVIDIA%20Virtual%20GPU%20Manager&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Version%208.x%20(prior%20to%208.6)%20and%20version%2011.0%20(prior%20to%2011.3)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=tampering%20of%20data%2C%20information%20disclosure%2C%20or%20denial%20of%20service&color=brightgreen)

### Description

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

### POC

#### Reference
- https://nvidia.custhelp.com/app/answers/detail/a_id/5142

#### Github
No PoCs found on GitHub currently.