Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.NVIDIA_UNIX_2021_01_CVE-2021-1056.NASLHistoryFeb 11, 2021 - 12:00 a.m.
NVIDIA Linux GPU Display (January 2021) (CVE-2021-1056)
2021-02-1100:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
6.7 Medium
AI Score
Confidence
High
The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation. Successful exploitation of this vulnerability by an unauthenticated, local attacker may lead to denial of service or information disclosure.
Note that Nessus has not tested for the issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
##
include('compat.inc');
if (description)
{
script_id(146429);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");
script_cve_id("CVE-2021-1056");
script_xref(name:"IAVB", value:"2021-B-0005-S");
script_name(english:"NVIDIA Linux GPU Display (January 2021) (CVE-2021-1056)");
script_set_attribute(attribute:"synopsis", value:
"A display driver installed on the remote Linux host is affected by a denial or service / information disclosure vulnerability.");
script_set_attribute(attribute:"description", value:
"The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by
a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system
permissions to provide GPU device-level isolation. Successful exploitation of this vulnerability by an unauthenticated, local attacker
may lead to denial of service or information disclosure.
Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version
number.");
# https://nvidia.custhelp.com/app/answers/detail/a_id/5142
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce9736e3");
script_set_attribute(attribute:"solution", value:
"Upgrade the NVIDIA graphics driver in accordance with the vendor advisory.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1056");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/07");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/11");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nvidia:gpu_driver");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nvidia_unix_driver_detect.nbin");
script_require_keys("NVIDIA_UNIX_Driver/Version", "NVIDIA_UNIX_Driver/GPU_Model", "Settings/ParanoidReport");
exit(0);
}
include('vcf_extras_nvidia.inc');
var app_info = vcf::nvidia_gpu::get_app_info();
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
var constraints = [
{'min_version':'460', 'fixed_version':'460.32.03', 'gpumodel':['geforce', 'nvs','quadro','tesla']},
{'min_version':'450', 'fixed_version':'450.102.04', 'gpumodel':['geforce', 'nvs','quadro','tesla']},
{'min_version':'390', 'fixed_version':'390.141', 'gpumodel':['nvs','quadro']},
{'min_version':'418', 'fixed_version':'418.181.07', 'gpumodel':'tesla'}
];
vcf::nvidia_gpu::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_NOTE
);| Vendor | Product | Version | CPE |
|---|---|---|---|
| nvidia | gpu_driver | cpe:/a:nvidia:gpu_driver |
Related
githubexploit
githubexploit
Exploit for Incorrect Default Permissions in Nvidia Gpu Driver
2021-01-08 11:29:48
cve
cve
CVE-2021-1056
2021-01-08 01:15:00
prion
prion
Information disclosure
2021-01-08 01:15:00
debiancve
debiancve
CVE-2021-1056
2021-01-08 01:15:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4689-2)
2021-01-12 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : NVIDIA graphics drivers vulnerabilities (USN-4689-1)
2021-01-13 00:00:00
Debian DLA-2888-1 : nvidia-graphics-drivers - LTS security update
2022-01-18 00:00:00
ubuntu
ubuntu
Linux kernel update
2021-01-21 00:00:00
NVIDIA graphics drivers vulnerabilities
2021-01-20 00:00:00
NVIDIA graphics drivers vulnerabilities
2021-01-11 00:00:00
ubuntucve
ubuntucve
CVE-2021-1056
2021-01-07 00:00:00
threatpost
threatpost
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs
2021-01-20 20:45:43
Nvidia Squashes High-Severity Jetson DoS Flaw
2021-01-26 22:11:54
osv
osv
archlinux
archlinux
[ASA-202101-19] nvidia-utils: multiple issues
2021-01-12 00:00:00
debian
debian
[SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update
2022-01-18 20:42:16
nvidia
nvidia
Security Bulletin: NVIDIA GPU Display Driver - January 2021
2021-01-07 00:00:00
gentoo
gentoo
NVIDIA Drivers: Multiple Vulnerabilities
2023-10-03 00:00:00