James GordanTable of Contents
- Latest news
- ASUS introduces the ROG Swift PG32UQX, the world’s first mini LED gaming monitor.
- Metro Exodus PC Enhanced Edition is released on May 6, requires a ray tracing GPU to work
- NVIDIA introduces GeForce RTX 30 Lite series to defend against cryptocurrencies
- Cyberpunk 2077 Hotfix 1.22 implements
- Addressing Denon and Marantz HDMI 2.1 receivers to prevent errors when transferring 4K/120Hz and 8K/60Hz content from Xbox Series X
- AMD Ryzen 8000 series Strix APU rumors Item: architectureZen 5, TSMC N3 process,large.LITTLE cores
Hey there! Before reading the article which is about NVIDIA Patches Multiple GPU Display Driver and vGPU Software Vulnerabilities, you should read about nvidia drivers. It shares basic information about this article and also adds more value to it. Do let us know how you feel about it in the comment section below. Happy Reading! Really glad that you are here.
NVIDIA has released new GPU display driver versions 410.73 and 340.52, which patch critical vulnerabilities across a range of their products. According to a security bulletin released by the company, these vulnerabilities could allow a malicious hacker to execute arbitrary code on a vulnerable system, resulting in a total system compromise. The bulletin highlights six specific vulnerable items, including the NVIDIA GPU Display Driver, Virtual GPU, and GRID vGPU software, all of which are affected by multiple vulnerabilities that have been given the Common Vulnerability and Exposure (CVE) designation of CVE-2018-6260, CVE-2018-12275, and CVE-2018-12276.
A variety of security flaws found in NVIDIA’s drivers and software for virtual GPU and multi-monitor setups could allow attackers to execute malicious code on the host device. The flaws are located in the NVIDIA GeForce, Iray, NVSMI, and vGPU software packages. Some of the flaws allow for privilege escalation while others allow for the execution of arbitrary code. These vulnerabilities were found by researchers at RedTeam Pentesting and the NVIDIA physical security response team. Vulnerability #1: Windows Host Unsandboxed Kernel Driver Elevation of Privilege This vulnerability is located in the nvlddmkm.sys kernel driver. This driver didn’t correctly validate the source of timer IRP calls. This driver also improperly handled critical sections, which
Image: NVIDIA
NVIDIA has released a new software update for its GPU display driver to fix thirteen potential vulnerabilities that could lead to code execution, denial of service, elevation of privilege and information disclosure. These include a vulnerability in the driver installer, which allows an attacker with access to the local system to replace the application source with malicious files, and another vulnerability in the kernel driver, which can cause the system to crash. NVIDIA users can obtain a software update from the official Green Team driver download page.
NVIDIA GPU DISPLAY DRIVER
| CVE identifiers | Description | Base value | Vector |
|---|---|---|---|
| CVE-2021-1074 | The NVIDIA Windows GPU Display driver for Windows contains a vulnerability in the installer that allows an attacker with local system access to replace the application resource with malicious files. Such an attack can result in the execution of code, elevation of privileges, denial of service, and disclosure of information. | 7.5 | AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |
| CVE-2021-1075 | The NVIDIA Windows GPU Display driver contains a vulnerability in the kernel mode level manager (nvlddmkm.sys) for DxgkDdiEscape, whereby the program uses a pointer that contains a memory location that is no longer valid, which can lead to code execution, denial of service, or privilege escalation. | 7.3 | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H |
| CVE-2021-1076 | The NVIDIA GPU display driver for Windows and Linux contains a vulnerability in the kernel mode (nvlddmkm.sys or nvidia.ko) where improper access control can lead to denial of service, disclosure of information, or data corruption. | 6.6 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
| CVE-2021-1077 | The NVIDIA GPU display driver for Windows and Linux contains a vulnerability where the software uses a reference account to drive an improperly updated resource, which could result in a denial of service. | 6.6 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
| CVE-2021-1078 | The NVIDIA GPU display driver for Windows contains a vulnerability in the kernel driver (nvlddmkm.sys), which allows a NULL pointer dereference to cause a system crash. | 5.5 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
NVIDIA VGPU SOFTWARE
| CVE identifiers | Description | Base value | Vector |
|---|---|---|---|
| CVE-2021-1080 | The NVIDIA vGPU software contains a vulnerability in the virtual GPU manager (vGPU plug-in) where certain input data is not validated, which could result in information disclosure, data manipulation, or denial of service. | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-1081 | The NVIDIA vGPU software contains a vulnerability in the host kernel mode driver and virtual GPU manager (vGPU plug-in) where the input length is not validated, which could lead to information disclosure, data manipulation, or denial of service. | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-1082 | The NVIDIA vGPU software contains a vulnerability in the vGPU plug-in where input length is not validated, which could result in information disclosure, data manipulation, or denial of service. | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-1083 | The NVIDIA vGPU software contains a vulnerability in the host kernel mode driver and virtual GPU manager (vGPU plug-in) where the input length is not validated, which could lead to information disclosure, data manipulation, or denial of service. | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-1084 | The NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and the virtual GPU manager (vGPU plugin) that does not validate the length of the input, which can lead to unauthorized data access or denial of service. | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-1085 | The NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plug-in) that allows writing to a shared memory folder and manipulation of data after the data has been validated, resulting in a denial of service and elevation of privileges. | 7.3 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
| EEC-2021-1086 | The NVIDIA vGPU driver contains a vulnerability in the vGPU plug-in that allows the guest to control unauthorized resources, which could lead to loss of integrity, confidentiality, or disclosure of information. | 7.1 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| CVE-2021-1087 | The NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plug-in) that would allow an attacker to obtain information that could lead to an Address Space Randomization (ASLR) bypass. | 5.5 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
NVIDIA’s risk assessment is based on the average risk of different installed systems and may not reflect the actual risk of your local installation. NVIDIA recommends that you consult a security or IT professional to assess the risk in your particular configuration.
Source: Support for NVIDIA, Threatpost
Latest news
ASUS introduces the ROG Swift PG32UQX, the world’s first mini LED gaming monitor.
28. April 2021-28. April 2021
Metro Exodus PC Enhanced Edition is released on May 6, requires a ray tracing GPU to work
28. April 2021-28. April 2021
NVIDIA introduces GeForce RTX 30 Lite series to defend against cryptocurrencies
28. April 2021-28. April 2021
Cyberpunk 2077 Hotfix 1.22 implements
28. April 2021-28. April 2021
Addressing Denon and Marantz HDMI 2.1 receivers to prevent errors when transferring 4K/120Hz and 8K/60Hz content from Xbox Series X
28. April 2021-28. April 2021
AMD Ryzen 8000 series Strix APU rumors Item: architectureZen 5, TSMC N3 process,large.LITTLE cores
27. April 202127. April 2021
This source has been very much helpful in doing our research. Read more about nvidia security bulletin 5142 and let us know what you think.
Related Tags:
nvidia driversnvidia virtual gpu softwarenvidia security breachnvidia security bulletin 5142nvidia security vulnerabilitynvidia driver identifier,People also search for,Privacy settings,How Search works,nvidia drivers,nvidia virtual gpu software,nvidia security breach,nvidia security bulletin 5142,nvidia security vulnerability,nvidia driver identifier,nvidia driver update,cve‑2021‑1052
James Gordan
Simon Leonard