CVE-2021-1052

Published: 7 January 2021

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.

From the Ubuntu Security Team

It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges.

Notes

Author	Note
alexmurray	CVE-2021-1052 and CVE-2021-1053 affect the following NVIDIA driver series: 450, 455, 418-server, 440-server, 450-server
sbeattie	Does not affect 390 series drivers
sbeattie	NVIDIA series 455 are superseded by series 460 NVIDIA series 440-server are superseded by series 450

Author

Note

alexmurray

CVE-2021-1052 and CVE-2021-1053 affect the following NVIDIA driver series: 450, 455, 418-server, 440-server, 450-server

sbeattie

Does not affect 390 series drivers

sbeattie

NVIDIA series 455 are superseded by series 460 NVIDIA series 440-server are superseded by series 450

Priority

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package	Release	Status
nvidia-graphics-drivers-390 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Does not exist
nvidia-graphics-drivers-418-server Launchpad, Ubuntu, Debian	bionic	Released (418.181.07-0ubuntu0.18.04.1)
	focal	Released (418.181.07-0ubuntu0.20.04.1)
	groovy	Released (418.181.07-0ubuntu0.20.10.1)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
nvidia-graphics-drivers-440-server Launchpad, Ubuntu, Debian	bionic	Ignored (superseded by 450-server)
	focal	Ignored (superseded by 450-server)
	groovy	Ignored (end of life)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
nvidia-graphics-drivers-450 Launchpad, Ubuntu, Debian	bionic	Released (450.102.04-0ubuntu0.18.04.1)
	focal	Released (450.102.04-0ubuntu0.20.04.1)
	groovy	Released (450.102.04-0ubuntu0.20.10.1)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
nvidia-graphics-drivers-450-server Launchpad, Ubuntu, Debian	bionic	Released (450.102.04-0ubuntu0.18.04.1)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	focal	Released (450.102.04-0ubuntu0.20.04.1)
	groovy	Released (450.102.04-0ubuntu0.20.10.1)
nvidia-graphics-drivers-455 Launchpad, Ubuntu, Debian	bionic	Ignored (not available)
	focal	Ignored (not available)
	groovy	Ignored (end of life)
	trusty	Does not exist
	upstream	Ignored
	xenial	Does not exist
nvidia-graphics-drivers-460 Launchpad, Ubuntu, Debian	bionic	Released (460.32.03-0ubuntu0.18.04.1)
	focal	Released (460.32.03-0ubuntu0.20.04.1)
	groovy	Released (460.32.03-0ubuntu0.20.10.1)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

Severity score breakdown

Parameter	Value
Base score	7.8
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Bugs

https://bugs.launchpad.net/ubuntu/+bug/1906680

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›