Vulnerabilities > Nvidia > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-22 CVE-2021-1089 Uncontrolled Search Path Element vulnerability in Nvidia GPU Display Driver 427.33/452.96/462.31
NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
local
low complexity
nvidia CWE-427
4.6
2021-07-22 CVE-2021-1093 Improper Resource Shutdown or Release vulnerability in multiple products
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.
local
low complexity
nvidia debian CWE-404
5.5
2021-07-22 CVE-2021-1094 Out-of-bounds Read vulnerability in multiple products
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.
local
low complexity
nvidia debian CWE-125
6.1
2021-07-22 CVE-2021-1095 NULL Pointer Dereference vulnerability in multiple products
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.
local
low complexity
nvidia debian CWE-476
5.5
2021-07-22 CVE-2021-1096 NULL Pointer Dereference vulnerability in Nvidia GPU Display Driver 427.33/452.96/462.31
NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash.
local
low complexity
nvidia CWE-476
4.9
2021-07-21 CVE-2021-1097 Improper Input Validation vulnerability in Nvidia Virtual GPU
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest.
local
low complexity
nvidia CWE-20
4.6
2021-07-21 CVE-2021-1098 Improper Resource Shutdown or Release vulnerability in Nvidia Virtual GPU
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests.
local
low complexity
nvidia CWE-404
4.6
2021-07-21 CVE-2021-1099 Out-of-bounds Write vulnerability in Nvidia Virtual GPU
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack.
local
low complexity
nvidia CWE-787
4.6
2021-06-30 CVE-2021-34374 Improper Input Validation vulnerability in Nvidia Jetson Linux
Trusty contains a vulnerability in command handlers where the length of input buffers is not verified.
local
low complexity
nvidia CWE-20
4.6
2021-06-30 CVE-2021-34375 Out-of-bounds Write vulnerability in Nvidia Jetson Linux
Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclosure.
local
low complexity
nvidia CWE-787
4.6