Multiple vulnerabilities in NVIDIA Windows GPU Display Driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2021-1117 CVE-2021-1116 CVE-2021-1115 |
| CWE-ID | CWE-20 CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
NVIDIA Windows GPU Display Driver Client/Desktop applications / Virtualization software |
| Vendor |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU57659
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1117
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in DxgkDdiEscape in nvlddmkm.sys kernel driver. A local user can run a specially crafted program to trigger a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: before 496.49
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5230
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU57658
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1116
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the nvlddmkm.sys kernel driver. A local user can run a specially crafted program to trigger a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: before 496.49
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5230
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU57657
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1115
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the nvlddmkm.sys kernel driver. A local user can run a specially crafted program to trigger a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: before 496.49
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/5230
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
