Bug#991351: nvidia-graphics-drivers: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095

Wed, 21 Jul 2021 05:42:14 -0700 

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2021-1093, 
CVE-2021-1094, CVE-2021-1095
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2021-1093, 
CVE-2021-1094, CVE-2021-1095
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2021-1093, 
CVE-2021-1094, CVE-2021-1095
Control: reassign -5 src:nvidia-graphics-drivers-tesla-440 440.64.00-1
Control: retitle -5 nvidia-graphics-drivers-tesla-440: CVE-2021-1093, 
CVE-2021-1094, CVE-2021-1095
Control: tag -5 + wontfix
Control: reassign -6 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -6 nvidia-graphics-drivers-tesla-450: CVE-2021-1093, 
CVE-2021-1094, CVE-2021-1095
Control: reassign -7 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -7 nvidia-graphics-drivers-tesla-460: CVE-2021-1093, 
CVE-2021-1094, CVE-2021-1095
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 450.51-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5211

CVE‑2021‑1093   NVIDIA GPU Display Driver for Windows and Linux
contains a vulnerability in firmware where the driver contains an
assert() or similar statement that can be triggered by an attacker,
which leads to an application exit or other behavior that is more
severe than necessary, and may lead to denial of service or system
crash.

CVE‑2021‑1094   NVIDIA GPU Display Driver for Windows and Linux
contains a vulnerability in the kernel mode layer (nvlddmkm.sys)
handler for DxgkDdiEscape where an out of bounds array access may
lead to denial of service or information disclosure.

CVE‑2021‑1095   NVIDIA GPU Display Driver for Windows and Linux
contains a vulnerability in the kernel mode layer (nvlddmkm.sys)
handlers for all control calls with embedded parameters where
dereferencing an untrusted pointer may lead to denial of service.

Driver Branch                   CVE IDs Addressed
R470, R460, R450, R418, R390    CVE‑2021‑1093, CVE‑2021‑1094, CVE‑2021‑1095

Andreas

Reply via email to