Multiple vulnerabilities in NVIDIA GPU Display Driver



Published: 2021-07-20
Risk: Low
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2021-1089, CVE-2021-1090, CVE-2021-1091, CVE-2021-1093, CVE-2021-1094, CVE-2021-1095, CVE-2021-1092, CVE-2021-1096
CWE-ID: CWE-427, CWE-788, CWE-65, CWE-617, CWE-125, CWE-822, CWE-59, CWE-476
Exploitation vector: Local
Public exploit: N/A

Vulnerable software:

NVIDIA Windows GPU Display Driver (Client/Desktop applications / Virtualization software)

NVIDIA vGPU Software (Client/Desktop applications / Other client software)

NVIDIA Linux GPU Display Driver (Hardware solutions / Drivers)

Vendor

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Insecure DLL loading

EUVDB-ID: #VU55036

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1089

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because nvidia-smi loads DLL libraries in an insecure manner. A local user can place a malicious .dll file on the system and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 392.67, 471.41, 462.96, 453.10, 427.48

NVIDIA vGPU Software: before 12.3, 11.5, 8.8


External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5211

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Access of Memory Location After End of Buffer

EUVDB-ID: #VU55037

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1090

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the kernel mode layer (nvlddmkm.sys) handler for control calls. A local user can run a specially crafted program to trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 392.67, 471.41, 462.96, 453.10, 427.48

NVIDIA vGPU Software: before 12.3, 11.5, 8.8


External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5211

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Windows Hard Link

EUVDB-ID: #VU55041

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1091

CWE-ID: CWE-65 - Windows hard link

Exploit availability: No

Description

The vulnerability allows a local user to overwrite arbitrary files on the system.

The vulnerability exists due to incorrect processing of hard links. A local user can create a hard link to a critical file on the system and overwrite it with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 471.41, 462.96

NVIDIA vGPU Software: before 12.3, 11.5, 8.8


External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5211

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Reachable Assertion

EUVDB-ID: #VU55038

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1093

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion. A local user can run a specially crafted program to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 392.67, 471.41, 462.96, 453.10, 427.48

NVIDIA Linux GPU Display Driver: before 390.144, 470.57.02, 460.91.03, 450.142.00, 418.211.00

NVIDIA vGPU Software: before 12.3, 11.5, 8.8


External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5211

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU55039

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1094

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information or perform a denial of service attack.

The vulnerability exists due to a boundary condition in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information or perform a DoS attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 392.67, 471.41, 462.96, 453.10, 427.48

NVIDIA Linux GPU Display Driver: before 390.144, 470.57.02, 460.91.03, 450.142.00, 418.211.00

NVIDIA vGPU Software: before 12.3, 11.5, 8.8


External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5211

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Untrusted Pointer Dereference

EUVDB-ID: #VU55040

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1095

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to untrusted pointer dereference in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters. A local user can run a specially crafted program to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 392.67, 471.41, 462.96, 453.10, 427.48

NVIDIA Linux GPU Display Driver: before 390.144, 470.57.02, 460.91.03, 450.142.00, 418.211.00

NVIDIA vGPU Software: before 12.3, 11.5, 8.8


External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5211

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Link following

EUVDB-ID: #VU55042

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1092

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to overwrite arbitrary files on the system.

The vulnerability exists due to symbolic link following in the NVIDIA Control Panel application. A local user can create a symbolic link to a critical file on the system and overwrite it, causing a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 392.67, 471.41, 462.96, 453.10, 427.48

NVIDIA vGPU Software: before 12.3, 11.5, 8.8


External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5211

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU55043

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1096

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVIDIA Windows GPU Display Driver: before 392.67, 471.41, 462.96, 453.10, 427.48

NVIDIA vGPU Software: before 12.3, 11.5, 8.8


External links

http://nvidia.custhelp.com/app/answers/detail/a_id/5211

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


