Bug#991351: nvidia-graphics-drivers: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Andreas Beckmann
anbe at debian.org
Wed Jul 21 13:38:52 BST 2021
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: reassign -5 src:nvidia-graphics-drivers-tesla-440 440.64.00-1
Control: retitle -5 nvidia-graphics-drivers-tesla-440: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: tag -5 + wontfix
Control: reassign -6 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -6 nvidia-graphics-drivers-tesla-450: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: reassign -7 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -7 nvidia-graphics-drivers-tesla-460: CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 450.51-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
https://nvidia.custhelp.com/app/answers/detail/a_id/5211
CVE‑2021‑1093 NVIDIA GPU Display Driver for Windows and Linux
contains a vulnerability in firmware where the driver contains an
assert() or similar statement that can be triggered by an attacker,
which leads to an application exit or other behavior that is more
severe than necessary, and may lead to denial of service or system
crash.
CVE‑2021‑1094 NVIDIA GPU Display Driver for Windows and Linux
contains a vulnerability in the kernel mode layer (nvlddmkm.sys)
handler for DxgkDdiEscape where an out of bounds array access may
lead to denial of service or information disclosure.
CVE‑2021‑1095 NVIDIA GPU Display Driver for Windows and Linux
contains a vulnerability in the kernel mode layer (nvlddmkm.sys)
handlers for all control calls with embedded parameters where
dereferencing an untrusted pointer may lead to denial of service.
Driver Branch CVE IDs Addressed
R470, R460, R450, R418, R390 CVE‑2021‑1093, CVE‑2021‑1094, CVE‑2021‑1095
Andreas
More information about the pkg-nvidia-devel
mailing list