The vulnerabilities could lead to denial of service, escalation of privileges, data tampering, and information disclosure attacks.
The Nvidia GPU display driver supports graphics processing units and is also present in vGPU software for virtual workstations, servers, apps, and personal computers. The most dangerous of the vulnerabilities is CVE‑2021‑1051, with a CVSS score of 8.4.
More about CVE‑2021‑1051
According to the official description, all versions of NVIDIA GPU Display Driver for Windows contain a loophole in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape. This is where “an operation is performed, which may lead to denial of service or escalation of privileges.” In layman’s terms, exploitation of CVE‑2021‑1051 can cause denial of service or privilege escalation attacks.
The second most severe vulnerability in the driver is CVE‑2021‑1052, which could lead to denial of service, privileges escalation, and information disclosure. “NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure,” the advisory says.
Next on the list in terms of severity is Nvidia has also resolved CVE‑2021‑1053. The flaw is a display driver bug affecting Windows and Linux. With a CVSS score of 6.6, the bug is moderate, also causing denial of service due to improper validation of a user pointer targeted at the same kernel mode layer.
CVE‑2021‑1054 and CVE‑2021‑1055 in the same kernel mode layer affect Windows systems. These flaws could cause failures to perform authorization checks and improper access controls and lead to denial of service. CVE‑2021‑1055 could also be exploited to achieve data leaks.
Full technical disclosure of all 16 vulnerabilities is available in Nvidia’s official security bulletin.
In February 2019, Nvidia addressed eight security issues in the NVIDIA GPU Display Driver software. One of the vulnerabilities affected both Linux and Windows systems. The issues could lead to code execution, escalation of privileges, denial of service attacks, and information disclosure.