CVE-2021-1052
Publication date 7 January 2021
Last updated 24 July 2024
Ubuntu priority
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.
From the Ubuntu Security Team
It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| nvidia-graphics-drivers-390 | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| nvidia-graphics-drivers-418-server | ||
| 20.04 LTS focal |
Fixed 418.181.07-0ubuntu0.20.04.1
|
|
| 18.04 LTS bionic |
Fixed 418.181.07-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| nvidia-graphics-drivers-440-server | ||
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| nvidia-graphics-drivers-450 | ||
| 20.04 LTS focal |
Fixed 450.102.04-0ubuntu0.20.04.1
|
|
| 18.04 LTS bionic |
Fixed 450.102.04-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| nvidia-graphics-drivers-450-server | ||
| 20.04 LTS focal |
Fixed 450.102.04-0ubuntu0.20.04.1
|
|
| 18.04 LTS bionic |
Fixed 450.102.04-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| nvidia-graphics-drivers-455 | ||
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| nvidia-graphics-drivers-460 | ||
| 20.04 LTS focal |
Fixed 460.32.03-0ubuntu0.20.04.1
|
|
| 18.04 LTS bionic |
Fixed 460.32.03-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Notes
alexmurray
CVE-2021-1052 and CVE-2021-1053 affect the following NVIDIA driver series: 450, 455, 418-server, 440-server, 450-server
sbeattie
Does not affect 390 series drivers
sbeattie
NVIDIA series 455 are superseded by series 460 NVIDIA series 440-server are superseded by series 450
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4689-1
- NVIDIA graphics drivers vulnerabilities
- 11 January 2021
- USN-4689-2
- Linux kernel vulnerabilities
- 11 January 2021
- USN-4689-3
- NVIDIA graphics drivers vulnerabilities
- 20 January 2021
- USN-4689-4
- Linux kernel update
- 21 January 2021