Vulnerability Name:

CVE-2021-1093 (CCN-206180)

Assigned:2020-11-12
Published:2021-07-20
Updated:2022-03-09
Summary:NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-404
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-1093

Source: XF
Type: UNKNOWN
nvidia-cve20211093-dos(206180)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220118 [SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update

Source: CCN
Type: NVIDIA Security Bulletin Answer ID 5211
NVIDIA GPU Display Drivers - July 2021

Source: CONFIRM
Type: Patch, Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5211

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-1093

Vulnerable Configuration:Configuration 1:
  • cpe:/a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:* (Version >= 418.197.02 and < 418.211.00)
  • OR cpe:/a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:* (Version >= 427.33 and < 427.48)
  • OR cpe:/a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:* (Version >= 450.119.03 and < 450.142.00)
  • OR cpe:/a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:* (Version >= 452.96 and < 453.10)
  • OR cpe:/a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:* (Version >= 460.73.01 and < 460.91.03)
  • OR cpe:/a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:* (Version >= 462.31 and < 462.96)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    nvidia gpu display driver *
    nvidia gpu display driver *
    nvidia gpu display driver *
    nvidia gpu display driver *
    nvidia gpu display driver *
    nvidia gpu display driver *
    debian debian linux 9.0