It turns out that NVIDIA’s GeForce Game Ready 461.09 driver, which was released yesterday, includes security fixes addressing various issues that may lead to denial of service, escalation of privileges, data tampering, or information disclosure. GeForce, RTX/Quadro, NVS, and Tesla GPU users will want to install this update right away from the NVIDIA Driver Downloads page. Virtual GPUs have also received a similar security update, which can be downloaded from the NVIDIA Licensing Portal.
NVIDIA GPU Display Driver Vulnerability Details
| CVE IDs | Description | Base Score | Vector |
|---|---|---|---|
| CVE‑2021‑1051 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an operation is performed which may lead to denial of service or escalation of privileges. | 8.4 | AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H |
| CVE‑2021‑1052 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. | 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE‑2021‑1053 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. | 6.6 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
| CVE‑2021‑1054 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service. | 6.5 | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
| CVE‑2021‑1055 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure. | 5.3 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE‑2021‑1056 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. | 5.3 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |