Published: 08/01/2021 Updated: 13/10/2023

CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8

VMScore: 320

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nvidia gpu_driver
debian debian linux 9.0

The NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure This issue is fixed in versions 4603203, 45010204 and 390141 ...

PoC for CVE-2021-1056, related to GPU Container Security

CVE-2021-1056 CVE-2021-1056 is a vulnerability I submitted to NVIDIA PSIRT Personally, it may lead to high security risks in multi-tenant HPC clusters, especially in cloud machine-learning platforms This repository simply demonstrates the vulnerability on GPU containers created by nvidia-container-runtime How it works By creating specific character device files an attacker

CWE-276 https://nvidia.custhelp.com/app/answers/detail/a_id/5142 https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html https://security.gentoo.org/glsa/202310-02 https://nvd.nist.gov https://github.com/pokerfaceSad/CVE-2021-1056 https://security.archlinux.org/CVE-2021-1056

CVE-2021-1056

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect