Vulnerabilities > CVE-2021-1054 - Incorrect Authorization vulnerability in Nvidia GPU Driver

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

nvidia

CWE-863

NVD

Published: 2021-01-08

Updated: 2021-01-14

Summary

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Nvidia Nvidia GPU Driver 390 Nvidia GPU Driver 390.141 Nvidia GPU Driver 418 Nvidia GPU Driver 450 Nvidia GPU Driver 450.102.04 Nvidia GPU Driver 460 Nvidia GPU Driver 460.32.03	7
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5142