GPU_CVE_April_2021

CVE-2021-1074 thru CVE-2021-1078
2025-05-07 11:06:39 +00:00 · 2021-04-21 17:24:25 -05:00 · 2021-04-21 17:24:25 -05:00 · a885ce77b2
commit a885ce77b2
parent 9b3fd84d41
5 changed files with 415 additions and 85 deletions
--- a/2021/1xxx/CVE-2021-1074.json
+++ b/2021/1xxx/CVE-2021-1074.json
@ -1,18 +1,84 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-1074",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "psirt@nvidia.com",
+		"ID" : "CVE-2021-1074",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "NVIDIA GPU Display Driver",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "R390 driver branch"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "NVIDIA"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, contains a vulnerability in its installer where an attacker with local system access may replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, denial of service, or information disclosure. "
+			}
+		]
+	},
+	"generator" : {
+		"engine" : "Vulnogram 0.0.9"
+	},
+	"impact" : {
+		"cvss" : {
+			"attackComplexity" : "HIGH",
+			"attackVector" : "LOCAL",
+			"availabilityImpact" : "HIGH",
+			"baseScore" : 7.5,
+			"baseSeverity" : "HIGH",
+			"confidentialityImpact" : "HIGH",
+			"integrityImpact" : "HIGH",
+			"privilegesRequired" : "LOW",
+			"scope" : "CHANGED",
+			"userInteraction" : "REQUIRED",
+			"vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
+			"version" : "3.1"
+		}
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "code execution, denial of service, escalation of privileges, information disclosure"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
+				"refsource" : "CONFIRM",
+				"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172"
+			}
+		]
+	},
+	"source" : {
+		"discovery" : "UNKNOWN"
+	}
+}
--- a/2021/1xxx/CVE-2021-1075.json
+++ b/2021/1xxx/CVE-2021-1075.json
@ -1,18 +1,84 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-1075",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "psirt@nvidia.com",
+		"ID" : "CVE-2021-1075",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "NVIDIA GPU Display Driver",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "All"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "NVIDIA"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges."
+			}
+		]
+	},
+	"generator" : {
+		"engine" : "Vulnogram 0.0.9"
+	},
+	"impact" : {
+		"cvss" : {
+			"attackComplexity" : "LOW",
+			"attackVector" : "LOCAL",
+			"availabilityImpact" : "HIGH",
+			"baseScore" : 7.3,
+			"baseSeverity" : "HIGH",
+			"confidentialityImpact" : "NONE",
+			"integrityImpact" : "LOW",
+			"privilegesRequired" : "LOW",
+			"scope" : "CHANGED",
+			"userInteraction" : "NONE",
+			"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
+			"version" : "3.1"
+		}
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "code exectution, denial of service, escalation of privileges"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
+				"refsource" : "CONFIRM",
+				"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172"
+			}
+		]
+	},
+	"source" : {
+		"discovery" : "UNKNOWN"
+	}
+}
--- a/2021/1xxx/CVE-2021-1076.json
+++ b/2021/1xxx/CVE-2021-1076.json
@ -1,18 +1,84 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-1076",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "psirt@nvidia.com",
+		"ID" : "CVE-2021-1076",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "NVIDIA GPU Display Driver",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "All"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "NVIDIA"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption."
+			}
+		]
+	},
+	"generator" : {
+		"engine" : "Vulnogram 0.0.9"
+	},
+	"impact" : {
+		"cvss" : {
+			"attackComplexity" : "LOW",
+			"attackVector" : "LOCAL",
+			"availabilityImpact" : "HIGH",
+			"baseScore" : 6.6,
+			"baseSeverity" : "MEDIUM",
+			"confidentialityImpact" : "LOW",
+			"integrityImpact" : "LOW",
+			"privilegesRequired" : "LOW",
+			"scope" : "UNCHANGED",
+			"userInteraction" : "NONE",
+			"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
+			"version" : "3.1"
+		}
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "denial of service , escalation of privileges, data loss"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
+				"refsource" : "CONFIRM",
+				"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172"
+			}
+		]
+	},
+	"source" : {
+		"discovery" : "UNKNOWN"
+	}
+}
--- a/2021/1xxx/CVE-2021-1077.json
+++ b/2021/1xxx/CVE-2021-1077.json
@ -1,18 +1,84 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-1077",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "psirt@nvidia.com",
+		"ID" : "CVE-2021-1077",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "NVIDIA GPU Display Driver",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "R450 and R460 driver branch"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "NVIDIA"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service."
+			}
+		]
+	},
+	"generator" : {
+		"engine" : "Vulnogram 0.0.9"
+	},
+	"impact" : {
+		"cvss" : {
+			"attackComplexity" : "LOW",
+			"attackVector" : "LOCAL",
+			"availabilityImpact" : "HIGH",
+			"baseScore" : 6.6,
+			"baseSeverity" : "MEDIUM",
+			"confidentialityImpact" : "LOW",
+			"integrityImpact" : "LOW",
+			"privilegesRequired" : "LOW",
+			"scope" : "UNCHANGED",
+			"userInteraction" : "NONE",
+			"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
+			"version" : "3.1"
+		}
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "denial of service"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
+				"refsource" : "CONFIRM",
+				"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172"
+			}
+		]
+	},
+	"source" : {
+		"discovery" : "UNKNOWN"
+	}
+}
--- a/2021/1xxx/CVE-2021-1078.json
+++ b/2021/1xxx/CVE-2021-1078.json
@ -1,18 +1,84 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-1078",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "psirt@nvidia.com",
+		"ID" : "CVE-2021-1078",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "NVIDIA GPU Display Driver",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "All"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "NVIDIA"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash."
+			}
+		]
+	},
+	"generator" : {
+		"engine" : "Vulnogram 0.0.9"
+	},
+	"impact" : {
+		"cvss" : {
+			"attackComplexity" : "LOW",
+			"attackVector" : "LOCAL",
+			"availabilityImpact" : "HIGH",
+			"baseScore" : 5.5,
+			"baseSeverity" : "MEDIUM",
+			"confidentialityImpact" : "NONE",
+			"integrityImpact" : "NONE",
+			"privilegesRequired" : "LOW",
+			"scope" : "UNCHANGED",
+			"userInteraction" : "NONE",
+			"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+			"version" : "3.1"
+		}
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "denial of service"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172",
+				"refsource" : "CONFIRM",
+				"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5172"
+			}
+		]
+	},
+	"source" : {
+		"discovery" : "UNKNOWN"
+	}
+}