7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
12.6%
Severity: High
Date : 2021-01-12
CVE-ID : CVE-2021-1052 CVE-2021-1053 CVE-2021-1056
Package : nvidia-utils
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-1417
The package nvidia-utils before version 460.32.03-1 is vulnerable to
multiple issues including privilege escalation, denial of service and
information disclosure.
Upgrade to 460.32.03-1.
The problems have been fixed upstream in version 460.32.03.
None.
The NVIDIA GPU Display Driver, all versions of the R460 and R450 driver
branches, contains a vulnerability in the kernel mode layer (nvidia.ko)
handler for DxgkDdiEscape or IOCTL in which user-mode clients can
access legacy privileged APIs, which may lead to denial of service,
escalation of privileges, and information disclosure. This issue is
fixed in versions 460.32.03 and 450.102.04.
The NVIDIA GPU Display Driver, all versions of the R460 and R450 driver
branches, contains a vulnerability in the kernel mode layer (nvidia.ko)
handler for DxgkDdiEscape or IOCTL in which improper validation of a
user pointer may lead to denial of service. This issue is fixed in
versions 460.32.03 and 450.102.04.
The NVIDIA GPU Display Driver contains a vulnerability in the kernel
mode layer (nvidia.ko) in which it does not completely honor operating
system file system permissions to provide GPU device-level isolation,
which may lead to denial of service or information disclosure. This
issue is fixed in versions 460.32.03, 450.102.04 and 390.141.
A local user might crash the service, escalate privileges or disclose
sensitive information.
https://nvidia.custhelp.com/app/answers/detail/a_id/5142
https://security.archlinux.org/CVE-2021-1052
https://security.archlinux.org/CVE-2021-1053
https://security.archlinux.org/CVE-2021-1056
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | nvidia-utils | < 460.32.03-1 | UNKNOWN |
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
12.6%