SB2021042204 - Multiple vulnerabilities in NVIDIA GPU Display Driver

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021042204

SB2021042204 - Multiple vulnerabilities in NVIDIA GPU Display Driver

Published: April 22, 2021

Security Bulletin ID SB2021042204
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2021-1074)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in installer. A local user can replace an application resource with malicious files, leading to arbitrary code execution, escalation of privileges, denial of service and information disclosure.


2) Untrusted Pointer Dereference (CVE-ID: CVE-2021-1075)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to untrusted pointer dereference in the kernel mode layer "nvlddmkm.sys" handler for DxgkDdiEscape. A local user can cause a denial of service condition on the target system.


3) Improper access control (CVE-ID: CVE-2021-1076)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the kernel mode layer (nvlddmkm.sys or nvidia.ko). A local user can bypass implemented security restrictions, leading to denial of service, information disclosure or data corruption.


4) Release of invalid pointer or reference (CVE-ID: CVE-2021-1077)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected software uses a reference count to manage a resource that is incorrectly updated. A local user can cause a denial of service condition in th target system.


5) NULL pointer dereference (CVE-ID: CVE-2021-1078)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the kernel driver (nvlddmkm.sys). A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References