CVE-2021-1093 : NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firm

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.

Published 2021-07-22 05:15:08

Updated 2023-10-13 01:43:55

Source NVIDIA Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-1093

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Nvidia » Gpu Display Driver » For Windows
Versions from including (>=) 462.31 and before (<) 462.96
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Matching versions
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 450.119.03 and before (<) 450.142.00
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 418.197.02 and before (<) 418.211.00
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 460.73.01 and before (<) 460.91.03
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
Nvidia » Gpu Display Driver » For Windows
Versions from including (>=) 452.96 and before (<) 453.10
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Matching versions
Nvidia » Gpu Display Driver » For Windows
Versions from including (>=) 427.33 and before (<) 427.48
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-1093

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 25 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-1093

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.5	3.6	NVIDIA Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-1093

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-1093

https://security.gentoo.org/glsa/202310-02

NVIDIA Drivers: Multiple Vulnerabilities (GLSA 202310-02) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html

[SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://nvidia.custhelp.com/app/answers/detail/a_id/5211

Security Bulletin: NVIDIA GPU Display Drivers - July 2021 | NVIDIA
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-1093

Products affected by CVE-2021-1093

Exploit prediction scoring system (EPSS) score for CVE-2021-1093

CVSS scores for CVE-2021-1093

CWE ids for CVE-2021-1093

References for CVE-2021-1093