CVE-2021-1094

Published Jul 22, 2021

Last updated a year ago

CVSS medium 6.1

Overview

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.
Source: psirt@nvidia.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 4.2
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.6
Impact score: 4.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39769B85-EDB6-4649-A86F-F72277F235A1",
            "versionEndExcluding": "418.211.00",
            "versionStartIncluding": "418.197.02"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5A345DF-457A-4B7E-A4E9-4D29FB4C9722",
            "versionEndExcluding": "427.48",
            "versionStartIncluding": "427.33"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DD69970-A1EE-46FE-B674-0E22AD11D467",
            "versionEndExcluding": "450.142.00",
            "versionStartIncluding": "450.119.03"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "650D9B87-1AFB-4462-A8D5-E993D8ECDACA",
            "versionEndExcluding": "453.10",
            "versionStartIncluding": "452.96"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52B5FD01-4AED-4915-B8C2-38233865ED86",
            "versionEndExcluding": "460.91.03",
            "versionStartIncluding": "460.73.01"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "018F843B-EFA3-4E49-A269-168221A205CA",
            "versionEndExcluding": "462.96",
            "versionStartIncluding": "462.31"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References