SB2021072051 - Multiple vulnerabilities in NVIDIA GPU Display Driver

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Insecure DLL loading (CVE-ID: CVE-2021-1089)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner in nvidia-smi. A local user can place a malicious .dll file on the system and execute arbitrary code with elevated privileges.

2) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-1090)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in in the kernel mode layer (nvlddmkm.sys) handler for control calls. A local user can run a specially crafted program to trigger memory corruption and perform a denial of service (DoS) attack.

3) Windows Hard Link (CVE-ID: CVE-2021-1091)

The vulnerability allows a local user to overwrite arbitrary files on the system.

The vulnerability exists due to incorrect processing of hard links. A local user can create a hard link to a critical file on the system and overwrite it with elevated privileges.

4) Reachable Assertion (CVE-ID: CVE-2021-1093)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion. A local user can run a specially crafted program to perform a denial of service (DoS) attack.

5) Out-of-bounds read (CVE-ID: CVE-2021-1094)

The vulnerability allows a local user to gain access to potentially sensitive information or perform a denial of service attack.

The vulnerability exists due to a boundary condition in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information or crash perform a DoS attack.

6) Untrusted Pointer Dereference (CVE-ID: CVE-2021-1095)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to untrusted pointer dereference in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters. A local user can run a specially crafted program to perform a denial of service (DoS) attack.

7) Link following (CVE-ID: CVE-2021-1092)

The vulnerability allows a local user to overwrite arbitrary files on the system.

The vulnerability exists due to a symbolic link following in the NVIDIA Control Panel application. A local user can create a symbolic link to a critical file on the system and overwrite it, causing a denial of service condition.

8) NULL pointer dereference (CVE-ID: CVE-2021-1096)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://nvidia.custhelp.com/app/answers/detail/a_id/5211