NVIDIA Patches Multiple GPU Display Driver and vGPU Software Vulnerabilities

Hey there! Before reading the article which is about NVIDIA Patches Multiple GPU Display Driver and vGPU Software Vulnerabilities, you should read about nvidia drivers. It shares basic information about this article and also adds more value to it. Do let us know how you feel about it in the comment section below. Happy Reading! Really glad that you are here.

NVIDIA has released new GPU display driver versions 410.73 and 340.52, which patch critical vulnerabilities across a range of their products. According to a security bulletin released by the company, these vulnerabilities could allow a malicious hacker to execute arbitrary code on a vulnerable system, resulting in a total system compromise. The bulletin highlights six specific vulnerable items, including the NVIDIA GPU Display Driver, Virtual GPU, and GRID vGPU software, all of which are affected by multiple vulnerabilities that have been given the Common Vulnerability and Exposure (CVE) designation of CVE-2018-6260, CVE-2018-12275, and CVE-2018-12276.

A variety of security flaws found in NVIDIA’s drivers and software for virtual GPU and multi-monitor setups could allow attackers to execute malicious code on the host device. The flaws are located in the NVIDIA GeForce, Iray, NVSMI, and vGPU software packages. Some of the flaws allow for privilege escalation while others allow for the execution of arbitrary code. These vulnerabilities were found by researchers at RedTeam Pentesting and the NVIDIA physical security response team. Vulnerability #1: Windows Host Unsandboxed Kernel Driver Elevation of Privilege This vulnerability is located in the nvlddmkm.sys kernel driver. This driver didn’t correctly validate the source of timer IRP calls. This driver also improperly handled critical sections, which

Image: NVIDIA

NVIDIA has released a new software update for its GPU display driver to fix thirteen potential vulnerabilities that could lead to code execution, denial of service, elevation of privilege and information disclosure. These include a vulnerability in the driver installer, which allows an attacker with access to the local system to replace the application source with malicious files, and another vulnerability in the kernel driver, which can cause the system to crash. NVIDIA users can obtain a software update from the official Green Team driver download page.

NVIDIA GPU DISPLAY DRIVER

CVE identifiers Description Base value Vector
CVE-2021-1074 The NVIDIA Windows GPU Display driver for Windows contains a vulnerability in the installer that allows an attacker with local system access to replace the application resource with malicious files. Such an attack can result in the execution of code, elevation of privileges, denial of service, and disclosure of information. 7.5 AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2021-1075 The NVIDIA Windows GPU Display driver contains a vulnerability in the kernel mode level manager (nvlddmkm.sys) for DxgkDdiEscape, whereby the program uses a pointer that contains a memory location that is no longer valid, which can lead to code execution, denial of service, or privilege escalation. 7.3 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
CVE-2021-1076 The NVIDIA GPU display driver for Windows and Linux contains a vulnerability in the kernel mode (nvlddmkm.sys or nvidia.ko) where improper access control can lead to denial of service, disclosure of information, or data corruption. 6.6 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2021-1077 The NVIDIA GPU display driver for Windows and Linux contains a vulnerability where the software uses a reference account to drive an improperly updated resource, which could result in a denial of service. 6.6 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2021-1078 The NVIDIA GPU display driver for Windows contains a vulnerability in the kernel driver (nvlddmkm.sys), which allows a NULL pointer dereference to cause a system crash. 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NVIDIA VGPU SOFTWARE

CVE identifiers Description Base value Vector
CVE-2021-1080 The NVIDIA vGPU software contains a vulnerability in the virtual GPU manager (vGPU plug-in) where certain input data is not validated, which could result in information disclosure, data manipulation, or denial of service. 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1081 The NVIDIA vGPU software contains a vulnerability in the host kernel mode driver and virtual GPU manager (vGPU plug-in) where the input length is not validated, which could lead to information disclosure, data manipulation, or denial of service. 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1082 The NVIDIA vGPU software contains a vulnerability in the vGPU plug-in where input length is not validated, which could result in information disclosure, data manipulation, or denial of service. 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1083 The NVIDIA vGPU software contains a vulnerability in the host kernel mode driver and virtual GPU manager (vGPU plug-in) where the input length is not validated, which could lead to information disclosure, data manipulation, or denial of service. 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1084 The NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and the virtual GPU manager (vGPU plugin) that does not validate the length of the input, which can lead to unauthorized data access or denial of service. 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1085 The NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plug-in) that allows writing to a shared memory folder and manipulation of data after the data has been validated, resulting in a denial of service and elevation of privileges. 7.3 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
EEC-2021-1086 The NVIDIA vGPU driver contains a vulnerability in the vGPU plug-in that allows the guest to control unauthorized resources, which could lead to loss of integrity, confidentiality, or disclosure of information. 7.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-1087 The NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plug-in) that would allow an attacker to obtain information that could lead to an Address Space Randomization (ASLR) bypass. 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

NVIDIA’s risk assessment is based on the average risk of different installed systems and may not reflect the actual risk of your local installation. NVIDIA recommends that you consult a security or IT professional to assess the risk in your particular configuration.

Source: Support for NVIDIA, Threatpost

Latest news

ASUS introduces the ROG Swift PG32UQX, the world’s first mini LED gaming monitor.

28. April 2021-28. April 2021

Metro Exodus PC Enhanced Edition is released on May 6, requires a ray tracing GPU to work

28. April 2021-28. April 2021

NVIDIA introduces GeForce RTX 30 Lite series to defend against cryptocurrencies

28. April 2021-28. April 2021

Cyberpunk 2077 Hotfix 1.22 implements

28. April 2021-28. April 2021

Addressing Denon and Marantz HDMI 2.1 receivers to prevent errors when transferring 4K/120Hz and 8K/60Hz content from Xbox Series X

28. April 2021-28. April 2021

AMD Ryzen 8000 series Strix APU rumors Item: architectureZen 5, TSMC N3 process,large.LITTLE cores

27. April 202127. April 2021

This source has been very much helpful in doing our research. Read more about nvidia security bulletin 5142 and let us know what you think.

nvidia driversnvidia virtual gpu softwarenvidia security breachnvidia security bulletin 5142nvidia security vulnerabilitynvidia driver identifier,People also search for,Privacy settings,How Search works,nvidia drivers,nvidia virtual gpu software,nvidia security breach,nvidia security bulletin 5142,nvidia security vulnerability,nvidia driver identifier,nvidia driver update,cve‑2021‑1052

You May Also Like