Nvidia has addressed a total of 16 flaws, including high-severity vulnerabilities affecting the Nvidia GPU display driver and vGPU software.
The addressed flaws may lead to denial of service, escalation of privileges, data tampering, or information disclosure.
The most severe vulnerability tracked as CVE‑2021‑1051 received a CVSS score of 8.4, it could lead to denial of service or escalation of privileges.
“NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (
nvlddmkm.sys) handler for DxgkDdiEscape in which an operation is performed which may lead to denial of service or escalation of privileges.” reads the security advisory.
The company also addressed the CVE‑2021‑1052 flaw that could lead to denial of service, escalation of privileges, and information disclosure. The vulnerability received a CVSS score of 7.8.
“NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (
nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.” continues the advisory.
The technology company resolved CVE‑2021‑1053 and CVE‑2021‑1054 flaws that received a CVSS score of 6.6 and 6.5 respectively. Both vulnerabilities may lead to denial of service.
The unique flaw that affects GPU Display Driver for Linux, tracked as CVE‑2021‑1056, may lead to denial of service or information disclosure. The flaw has received a CVSS score of 5.3.
The company addressed 10 vulnerabilities affecting the NVIDIA VGPU SOFTWARE, eight of which relate to the vGPU manager. 9 out of 10 vulnerabilities (CVE‑2021‑1057 through CVE‑2021‑1065) received a CVSS score of 7.8
The CVE‑2021‑1066 received a severity score of 7.8.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Nvidia)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.