CVE-2021-1052 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel
Microsoft	Windows
Nvidia	Gpu Driver

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/5142
https://security.gentoo.org/glsa/202310-02

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-1052", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "dateUpdated": "2024-08-03T15:55:18.575Z", "dateReserved": "2020-11-12T00:00:00", "datePublished": "2021-01-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-10-03T14:06:22.117734"}, "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure."}], "affected": [{"vendor": "NVIDIA", "product": "NVIDIA GPU Display Driver", "versions": [{"version": "All", "status": "affected"}]}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}, {"name": "GLSA-202310-02", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-02"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "denial of service,  escalation of privileges, or information disclosure"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:55:18.575Z"}, "title": "CVE Program Container", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142", "tags": ["x_transferred"]}, {"name": "GLSA-202310-02", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202310-02"}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2021-1052 (string)

assignerOrgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

assignerShortName : nvidia (string)

dateUpdated : 2024-08-03T15:55:18.575Z (string)

dateReserved : 2020-11-12T00:00:00 (string)

datePublished : 2021-01-08T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 9576f279-3576-44b5-a4af-b9a8644b2de6 (string)

shortName : nvidia (string)

dateUpdated : 2023-10-03T14:06:22.117734 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. (string)

}

]

affected : [ »

0 : { »

vendor : NVIDIA (string)

product : NVIDIA GPU Display Driver (string)

versions : [ »

0 : { »

version : All (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

1 : { »

name : GLSA-202310-02 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://security.gentoo.org/glsa/202310-02 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : denial of service, escalation of privileges, or information disclosure (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T15:55:18.575Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

name : GLSA-202310-02 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/202310-02 (string)

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "232441BD-1864-44BB-9E98-8E23B53B4D09", "versionEndExcluding": "392.63", "versionStartIncluding": "390", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3F9EE41-66A0-4A36-9B22-4F2FCC2647C4", "versionEndExcluding": "427.11", "versionStartIncluding": "418", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "51520B29-811E-49A8-AEA0-55EBD4C557F1", "versionEndExcluding": "452.77", "versionStartIncluding": "450", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "05BEB8FB-E490-4E05-A6D6-0BAE65F67284", "versionEndExcluding": "461.09", "versionStartIncluding": "460", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3F8BB68-C2C5-4F08-83C8-4FA15820F340", "versionEndExcluding": "390.141", "versionStartIncluding": "390", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9549CBBA-2F6F-4A64-8E5B-7717332F74DE", "versionEndExcluding": "450.102.04", "versionStartIncluding": "450", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "81372853-B278-4AEE-A014-8238B4D4E338", "versionEndExcluding": "460.32.03", "versionStartIncluding": "460", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure."}, {"lang": "es", "value": "NVIDIA GPU Display Driver para Windows y Linux, todas las versiones, contiene una vulnerabilidad en el manejador de la capa del modo kernel (nvlddmkm.sys) para la funci\u00f3n DxgkDdiEscape o IOCTL en el que los clientes en modo de usuario pueden acceder a la API con privilegios heredados, lo que puede conllevar a una denegaci\u00f3n de servicio, escalada de privilegios y divulgaci\u00f3n de informaci\u00f3n"}], "id": "CVE-2021-1052", "lastModified": "2024-11-21T05:43:28.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-08T01:15:14.400", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}, {"source": "psirt@nvidia.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-02"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 232441BD-1864-44BB-9E98-8E23B53B4D09 (string)

versionEndExcluding : 392.63 (string)

versionStartIncluding : 390 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F3F9EE41-66A0-4A36-9B22-4F2FCC2647C4 (string)

versionEndExcluding : 427.11 (string)

versionStartIncluding : 418 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 51520B29-811E-49A8-AEA0-55EBD4C557F1 (string)

versionEndExcluding : 452.77 (string)

versionStartIncluding : 450 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 05BEB8FB-E490-4E05-A6D6-0BAE65F67284 (string)

versionEndExcluding : 461.09 (string)

versionStartIncluding : 460 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D3F8BB68-C2C5-4F08-83C8-4FA15820F340 (string)

versionEndExcluding : 390.141 (string)

versionStartIncluding : 390 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9549CBBA-2F6F-4A64-8E5B-7717332F74DE (string)

versionEndExcluding : 450.102.04 (string)

versionStartIncluding : 450 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 81372853-B278-4AEE-A014-8238B4D4E338 (string)

versionEndExcluding : 460.32.03 (string)

versionStartIncluding : 460 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 703AF700-7A70-47E2-BC3A-7FD03B3CA9C1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. (string)

}

1 : { »

lang : es (string)

value : NVIDIA GPU Display Driver para Windows y Linux, todas las versiones, contiene una vulnerabilidad en el manejador de la capa del modo kernel (nvlddmkm.sys) para la función DxgkDdiEscape o IOCTL en el que los clientes en modo de usuario pueden acceder a la API con privilegios heredados, lo que puede conllevar a una denegación de servicio, escalada de privilegios y divulgación de información (string)

}

]

id : CVE-2021-1052 (string)

lastModified : 2024-11-21T05:43:28.093 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.2 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:L/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-01-08T01:15:14.400 (string)

references : [ »

0 : { »

source : psirt@nvidia.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

1 : { »

source : psirt@nvidia.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/202310-02 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://nvidia.custhelp.com/app/answers/detail/a_id/5142 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/202310-02 (string)

}

]

sourceIdentifier : psirt@nvidia.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object