Vulnerabilities > CVE-2021-1054 - Incorrect Authorization vulnerability in Nvidia GPU Driver

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

nvidia

CWE-863

NVD

Published: 2021-01-08

Updated: 2021-01-14

Summary

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Nvidia Nvidia GPU Driver 390 Nvidia GPU Driver 390.141 Nvidia GPU Driver 418 Nvidia GPU Driver 450 Nvidia GPU Driver 450.102.04 Nvidia GPU Driver 460 Nvidia GPU Driver 460.32.03	7
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5142