CVE-2021-1056

CWE-276Incorrect Default Permissions7 documents6 sources
Severity
7.1HIGH
EPSS
6.6%
top 8.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nvidia GPU DriverNvidia Nvidia GPU Display DriverDebian Debian Linux
Timeline
PublishedJan 8
Latest updateMay 24

Description

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages6 packages

NVDnvidia/gpu_driver390390.141+2
Debiannvidia-graphics-drivers< 460.32.03-1+3
Debiannvidia-graphics-drivers-tesla-418< 418.181.07-1
Debiannvidia-graphics-drivers-tesla-450< 450.102.04-1

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-f8fj-4gwg-crcc: NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia2022-05-24
CVEList
CVE-2021-1056: NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia2021-01-08
OSV
CVE-2021-1056: NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia2021-01-08

📋Vendor Advisories

3
Ubuntu
Linux kernel vulnerabilities2021-01-11
Ubuntu
NVIDIA graphics drivers vulnerabilities2021-01-11
Debian
CVE-2021-1056: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in t...2021
CVE-2021-1056 (HIGH CVSS 7.1) | NVIDIA GPU Display Driver for Linux | cvebase.io