Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit (GPU) display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service (DoS) and information disclosure.
Meanwhile, the Nvidia virtual GPU (vGPU) software also has a group of bugs that could lead to a range of similar attacks.
5 GPU Display Driver Security Bugs
The most severe of the five bugs in the GPU display driver is tracked as CVE-2021-1074, which rates 7.5 out of 10 on the CVSS vulnerability scale, making it high-severity. It exists in the display driver’s installer, and allows an attacker with local system access to replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, denial of service, or information disclosure.
Another high-severity bug, CVE-2021-1075, rates 7.3 on the CVSS scale. NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges.
Two medium-severity flaws, CVE-2021-1076 and CVE-2021-1077, both rate 6.6 on the CVSS scale. The former NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. The latter NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
And finally, the medium-severity CVE-2021-1078 rates 5.5 on the CVSS scale and NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.
8 Nvidia vGPU Software Vulnerabilities
Meanwhile, Nvidia’s vGPU software has eight different security holes. The virtualized GPU allows computing acceleration tailored for resource-intensive workloads like graphics-rich virtual workstations, data science and artificial intelligence.
The first four bugs are high-severity input-validation bugs that can lead to information disclosure, data tampering or DoS.
These are:
- CVE‑2021‑1080 (7.8 on the CVSS scale): A vulnerability in the vGPU Manager (vGPU plugin), in which certain input data is not validated;
- CVE‑2021‑1081 (7.8): A vulnerability in the guest kernel mode driver and vGPU manager (vGPU plugin), in which an input length is not validated;
- CVE‑2021‑1082 (7.8): A vulnerability in the vGPU Manager (vGPU plugin), stemming from an input length not being validated;
- CVE‑2021‑1083 (7.8): A vulnerability in the guest kernel-mode driver and vGPU Manager (vGPU plugin), also arising from an input length not being validated.
The other four could lead to a variety of outcomes if exploited:
- CVE‑2021‑1084 (7.8): A vulnerability in the guest kernel-mode driver and vGPU Manager (vGPU plugin), in which an input length is not validated, which may lead to data tampering or DoS;
- CVE‑2021‑1085 (7.3): A vulnerability in the vGPU Manager (vGPU plugin) could allow an attacker to write to a shared-memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges;
- CVE‑2021‑1086 (7.1): A vulnerability in the vGPU Manager (vGPU plugin) allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss, or information disclosure;
- CVE‑2021‑1087 (5.5): A vulnerability in the vGPU Manager (vGPU plugin), could allow an attacker to retrieve information that could lead to an address space layout randomization (ASLR) bypass, which in turn could crack open the door to memory-corruption bug exploitation.
Nvidia has released patches to mitigate all of the bugs, which uses can download at through the Nvidia Driver Downloads page or, for the vGPU software update, through the Nvidia Licensing Portal. Affected version tables are available in Nvidia’s advisory, released Friday.
Nvidia continues to address security bugs on a regular basis. In January, it released fixes tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021. And soon after, it issued patches for its Tesla-based GPUs and its Shield TV lineup.
Download our exclusive FREE Threatpost Insider eBook, “2021: The Evolution of Ransomware,” to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what’s next for ransomware and the related emerging risks. Get the whole story and DOWNLOAD the eBook now – on us!