CVE-2021-1054 - NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode lay

CVE-2021-1054

Summary

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Vulnerable Configurations

cpe:2.3:a:nvidia:gpu_driver:390:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:390:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:390.141:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:390.141:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:418:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:418:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:450:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:450:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:450.102.04:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:450.102.04:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:460:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:460:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:460.32.03:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:460.32.03:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 14-01-2021 - 15:35)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm

https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Last major update

14-01-2021 - 15:35

Published

08-01-2021 - 01:15

Last modified

14-01-2021 - 15:35