CVE-2021-1115

Published Oct 27, 2021

Last updated 3 years ago

CVSS medium 6.5

Overview

Description: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component.
Source: psirt@nvidia.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 4
Exploitability score: 2
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-476
psirt@nvidia.com: CWE-476

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5978F56-05D4-4292-86EA-12479B022DFE",
            "versionEndExcluding": "392.68",
            "versionStartIncluding": "390"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96422D54-0F78-4683-8A67-B2DF7BAA4EF8",
            "versionEndExcluding": "463.15",
            "versionStartIncluding": "460"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA5F4D02-CC80-4CAE-A2C3-135A710AC22E",
            "versionEndExcluding": "472.39",
            "versionStartIncluding": "470"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A263990D-8108-4494-8000-D183E3997C20",
            "versionEndExcluding": "496.49",
            "versionStartIncluding": "490"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References