Bug#991351: nvidia-graphics-drivers: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095

Andreas Beckmann anbe at debian.org
Wed Jul 21 13:38:52 BST 2021 

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: reassign -5 src:nvidia-graphics-drivers-tesla-440 440.64.00-1
Control: retitle -5 nvidia-graphics-drivers-tesla-440: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: tag -5 + wontfix
Control: reassign -6 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -6 nvidia-graphics-drivers-tesla-450: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: reassign -7 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -7 nvidia-graphics-drivers-tesla-460: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 450.51-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5211

CVE‑2021‑1093 	NVIDIA GPU Display Driver for Windows and Linux
contains a vulnerability in firmware where the driver contains an
assert() or similar statement that can be triggered by an attacker,
which leads to an application exit or other behavior that is more
severe than necessary, and may lead to denial of service or system
crash.

CVE‑2021‑1094 	NVIDIA GPU Display Driver for Windows and Linux
contains a vulnerability in the kernel mode layer (nvlddmkm.sys)
handler for DxgkDdiEscape where an out of bounds array access may
lead to denial of service or information disclosure.

CVE‑2021‑1095 	NVIDIA GPU Display Driver for Windows and Linux
contains a vulnerability in the kernel mode layer (nvlddmkm.sys)
handlers for all control calls with embedded parameters where
dereferencing an untrusted pointer may lead to denial of service.

Driver Branch 			CVE IDs Addressed
R470, R460, R450, R418, R390 	CVE‑2021‑1093, CVE‑2021‑1094, CVE‑2021‑1095

Andreas

More information about the pkg-nvidia-devel mailing list