CVE-2021-1056

Published: 07 January 2021

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.

From the Ubuntu security team

Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux kernel did not properly restrict device-level GPU isolation. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

Priority

Medium

CVSS 3 base score: 7.1

Status

Package Release Status
nvidia-graphics-drivers-390
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (390.141-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (390.141-0ubuntu0.20.10.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (390.141-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (390.141-0ubuntu0.18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

nvidia-graphics-drivers-418-server
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Pending
(418.181.07-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (418.181.07-0ubuntu0.20.10.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (418.181.07-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (418.181.07-0ubuntu0.18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

nvidia-graphics-drivers-440-server
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Ignored
(superseded by 450-server)
Ubuntu 20.10 (Groovy Gorilla) Ignored
(superseded by 450-server)
Ubuntu 20.04 LTS (Focal Fossa) Ignored
(superseded by 450-server)
Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(superseded by 450-server)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

nvidia-graphics-drivers-450
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (450.102.04-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (450.102.04-0ubuntu0.20.10.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (450.102.04-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (450.102.04-0ubuntu0.18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

nvidia-graphics-drivers-450-server
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Pending
(450.102.04-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (450.102.04-0ubuntu0.20.10.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (450.102.04-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (450.102.04-0ubuntu0.18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

nvidia-graphics-drivers-455
Launchpad, Ubuntu, Debian
Upstream Ignored

Ubuntu 21.04 (Hirsute Hippo) Ignored
(not available)
Ubuntu 20.10 (Groovy Gorilla) Ignored
(not available)
Ubuntu 20.04 LTS (Focal Fossa) Ignored
(not available)
Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(not available)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

nvidia-graphics-drivers-460
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (460.32.03-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (460.32.03-0ubuntu0.20.10.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (460.32.03-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (460.32.03-0ubuntu0.18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
amurray CVE-2021-1052, CVE-2021-1053, and CVE-2021-1056 affect the following NVIDIA driver series: 450, 455, 418-server, 440-server, 450-server
sbeattie NVIDIA series 455 are superseded by the 460 series. NVIDIA series 440-server are superseded by 450-server.

References

Bugs