CVE-2021-1056

Published: Jan 8, 2021Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.

Affected (4)

Products: Nvidia: Gpu Driver · Debian: Debian Linux

1 product

1 product

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nvidia Gpu Driver	From 390 to 390.141
Nvidia Gpu Driver	From 450 to 450.102.04
Nvidia Gpu Driver	From 460 to 460.32.03

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html

Source: psirt@nvidia.com

Mailing ListThird Party Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Source: psirt@nvidia.com

Vendor Advisory

https://security.gentoo.org/glsa/202310-02

Source: psirt@nvidia.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.gentoo.org/glsa/202310-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.