Sixteen vulnerabilities were discovered in the Nvidia GPU display driver and vGPU software, some of which severe.
The vulnerabilities could lead to denial of service, escalation of privileges, data tampering, and information disclosure attacks.
The Nvidia GPU display driver supports graphics processing units and is also present in vGPU software for virtual workstations, servers, apps, and personal computers. The most dangerous of the vulnerabilities is CVE‑2021‑1051, with a CVSS score of 8.4.
More about CVE‑2021‑1051
According to the official description, all versions of NVIDIA GPU Display Driver for Windows contain a loophole in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape. This is where “an operation is performed, which may lead to denial of service or escalation of privileges.” In layman’s terms, exploitation of CVE‑2021‑1051 can cause denial of service or privilege escalation attacks.
The second most severe vulnerability in the driver is CVE‑2021‑1052, which could lead to denial of service, privileges escalation, and information disclosure. “NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure,” the advisory says.
Next on the list in terms of severity is Nvidia has also resolved CVE‑2021‑1053. The flaw is a display driver bug affecting Windows and Linux. With a CVSS score of 6.6, the bug is moderate, also causing denial of service due to improper validation of a user pointer targeted at the same kernel mode layer.
CVE‑2021‑1054 and CVE‑2021‑1055 in the same kernel mode layer affect Windows systems. These flaws could cause failures to perform authorization checks and improper access controls and lead to denial of service. CVE‑2021‑1055 could also be exploited to achieve data leaks.
Full technical disclosure of all 16 vulnerabilities is available in Nvidia’s official security bulletin.
In February 2019, Nvidia addressed eight security issues in the NVIDIA GPU Display Driver software. One of the vulnerabilities affected both Linux and Windows systems. The issues could lead to code execution, escalation of privileges, denial of service attacks, and information disclosure.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: