Vulnerability Details : CVE-2021-1090
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2021-1090
- cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
- cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
- cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-1090
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-1090
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.6
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:P |
3.9
|
4.9
|
NIST | |
|
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
1.8
|
5.2
|
NIST | |
|
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
1.8
|
5.2
|
NVIDIA Corporation |
CWE ids for CVE-2021-1090
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-1090
-
https://security.gentoo.org/glsa/202310-02
NVIDIA Drivers: Multiple Vulnerabilities (GLSA 202310-02) — Gentoo securityThird Party Advisory
-
https://nvidia.custhelp.com/app/answers/detail/a_id/5211
Security Bulletin: NVIDIA GPU Display Drivers - July 2021 | NVIDIAPatch;Vendor Advisory
Jump to