The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation. Successful exploitation of this vulnerability by an unauthenticated, local attacker may lead to denial of service or information disclosure.
Note that Nessus has not tested for the issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
##
include('compat.inc');
if (description)
{
script_id(146429);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");
script_cve_id("CVE-2021-1056");
script_xref(name:"IAVB", value:"2021-B-0005-S");
script_name(english:"NVIDIA Linux GPU Display (January 2021) (CVE-2021-1056)");
script_set_attribute(attribute:"synopsis", value:
"A display driver installed on the remote Linux host is affected by a denial or service / information disclosure vulnerability.");
script_set_attribute(attribute:"description", value:
"The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by
a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system
permissions to provide GPU device-level isolation. Successful exploitation of this vulnerability by an unauthenticated, local attacker
may lead to denial of service or information disclosure.
Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version
number.");
# https://nvidia.custhelp.com/app/answers/detail/a_id/5142
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce9736e3");
script_set_attribute(attribute:"solution", value:
"Upgrade the NVIDIA graphics driver in accordance with the vendor advisory.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1056");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/07");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/11");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nvidia:gpu_driver");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nvidia_unix_driver_detect.nbin");
script_require_keys("NVIDIA_UNIX_Driver/Version", "NVIDIA_UNIX_Driver/GPU_Model", "Settings/ParanoidReport");
exit(0);
}
include('vcf_extras_nvidia.inc');
var app_info = vcf::nvidia_gpu::get_app_info();
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
var constraints = [
{'min_version':'460', 'fixed_version':'460.32.03', 'gpumodel':['geforce', 'nvs','quadro','tesla']},
{'min_version':'450', 'fixed_version':'450.102.04', 'gpumodel':['geforce', 'nvs','quadro','tesla']},
{'min_version':'390', 'fixed_version':'390.141', 'gpumodel':['nvs','quadro']},
{'min_version':'418', 'fixed_version':'418.181.07', 'gpumodel':'tesla'}
];
vcf::nvidia_gpu::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_NOTE
);
Vendor | Product | Version | CPE |
---|---|---|---|
nvidia | gpu_driver | cpe:/a:nvidia:gpu_driver |