https://nvidia.custhelp.com/app/answers/detail/a_id/5142

The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4689-4 advisory.

  - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode     layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy     privileged APIs, which may lead to denial of service, escalation of privileges, and information     disclosure. (CVE-2021-1052)

  - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode     layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may     lead to denial of service. (CVE-2021-1053)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4689-3 advisory.

  - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode     layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy     privileged APIs, which may lead to denial of service, escalation of privileges, and information     disclosure. (CVE-2021-1052)

  - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode     layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may     lead to denial of service. (CVE-2021-1053)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A display driver installed on the remote Windows host is affected by multiple vulnerabilities:
    
    - NVIDIA GPU Display Driver contains a vulnerability in the NVIDIA Control Panel component, in which an     attacker with local system access can corrupt a system file, which may lead to denial of service or     escalation of privileges (CVE-2020-5962).

    - NVIDIA CUDA Driver contains a vulnerability in the Inter Process Communication APIs, in which improper      access control may lead to code execution, denial of service, or information disclosure (CVE-2020-5963).

    - NVIDIA GPU Display Driver contains a vulnerability in the service host component, in which the     application resources integrity check may be missed. Such an attack may lead to code execution,     denial of service or information disclosure (CVE-2020-5964).
    Note that Nessus has not attempted to exploit these issues but has instead relied only on the driver's   self-reported version number.

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities:

  - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer   (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged   APIs, which may lead to denial of service, escalation of privileges, and information disclosure. (CVE‑2021‑1052)   
  - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys)   handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of   service. (CVE‑2021‑1053)

Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4689-1 advisory.

  - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode     layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy     privileged APIs, which may lead to denial of service, escalation of privileges, and information     disclosure. (CVE-2021-1052)

  - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode     layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may     lead to denial of service. (CVE-2021-1053)

  - NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer     (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU     device-level isolation, which may lead to denial of service or information disclosure. (CVE-2021-1056)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4689-2 advisory.

  - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode     layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy     privileged APIs, which may lead to denial of service, escalation of privileges, and information     disclosure. (CVE-2021-1052)

  - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode     layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may     lead to denial of service. (CVE-2021-1053)

  - NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer     (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU     device-level isolation, which may lead to denial of service or information disclosure. (CVE-2021-1056)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
145234	Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : Linux kernel update (USN-4689-4)	Nessus	Ubuntu Local Security Checks	high
145228	Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : NVIDIA graphics drivers vulnerabilities (USN-4689-3)	Nessus	Ubuntu Local Security Checks	high
145035	NVIDIA Windows GPU Display Driver (January 2021)	Nessus	Windows	high
145034	NVIDIA Linux GPU Display (January 2021)	Nessus	Misc.	high
144897	Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : NVIDIA graphics drivers vulnerabilities (USN-4689-1)	Nessus	Ubuntu Local Security Checks	high
144869	Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4689-2)	Nessus	Ubuntu Local Security Checks	high

CVE-2021-1052

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high