Bug#979670: nvidia-graphics-drivers: =?UTF-8?Q?CVE=E2=80=912021=E2=80=911052, _?= =?UTF-8?Q?CVE=E2=80=912021=E2=80=911053, _?= CVE‑2021‑1056

Andreas Beckmann anbe at debian.org
Sat Jan 9 22:51:40 GMT 2021 

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE‑2021‑1056
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE‑2021‑1056
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE‑2021‑1056
Control: reassign -5 src:nvidia-graphics-drivers-tesla-440
Control: retitle -5 nvidia-graphics-drivers-tesla-440: CVE‑2021‑1056
Control: reassign -6 src:nvidia-graphics-drivers-tesla-450
Control: retitle -6 nvidia-graphics-drivers-tesla-450: CVE‑2021‑1052, CVE‑2021‑1053, CVE‑2021‑1056
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 450.51-1
Control: found -1 455.23.04-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5142

CVE‑2021‑1052 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape or IOCTL in which user-mode clients can access legacy
privileged APIs, which may lead to denial of service, escalation of
privileges, and information disclosure.

CVE‑2021‑1053 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape or IOCTL in which improper validation of a user pointer
may lead to denial of service.

CVE‑2021‑1056 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko) in which it does not
completely honor operating system file system permissions to provide
GPU device-level isolation, which may lead to denial of service or
information disclosure.

CVE‑2021‑1052 and CVE‑2021‑1053 affect R460 and R450 driver branches only.


Andreas

More information about the pkg-nvidia-devel mailing list