CVE-2021-1076 — Incorrect Authorization in Nvidia GPU Display Driver

CWE-863 — Incorrect Authorization CWE-1076 — Insufficient Adherence to Expected Conventions8 documents7 sources

Severity

7.8HIGHNVD

CNA6.6

EPSS

0.1%

top 80.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia GPU Display Driver Nvidia GPU Display Driver Debian Linux

Timeline

PublishedApr 21

Latest updateMay 24

Description

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/gpu_display_driver390 — 390.143+8

▶CVEListV5nvidia/nvidia_gpu_display_driverAll

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-vfw8-mw63-c6hv: NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm↗2022-05-24

▶

OSV

nvidia-graphics-drivers-390, nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450, nvidia-graphics-drivers-450-server, nvidia-graphics-drivers-460, nvidia-graphics-drivers-460-server vulner↗2021-05-04

▶

CVEList

CVE-2021-1076: NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm↗2021-04-21

▶

OSV

CVE-2021-1076: NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm↗2021-04-21

▶

📋Vendor Advisories

Ubuntu

NVIDIA graphics drivers vulnerabilities↗2021-05-04

▶

Cisco

Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability↗2021-02-03

▶

Debian

CVE-2021-1076: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulner...↗2021

▶