CVE-2021-1052

7.8 HIGH

📋 TL;DR

This vulnerability in NVIDIA GPU Display Driver allows user-mode applications to access privileged kernel APIs through the DxgkDdiEscape or IOCTL handlers. This could lead to denial of service, privilege escalation, or information disclosure. All users of NVIDIA GPU Display Driver on Windows and Linux are affected.

💻 Affected Systems

Products:
  • NVIDIA GPU Display Driver
Versions: All versions prior to patched versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both Windows and Linux versions of the NVIDIA GPU Display Driver. The vulnerability is in the kernel mode layer handler (nvlddmkm.sys).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level privilege escalation, allowing attackers to execute arbitrary code, steal sensitive data, or cause permanent system damage.

🟠

Likely Case

Local privilege escalation allowing attackers to gain administrative privileges on the affected system, potentially leading to lateral movement within networks.

🟢

If Mitigated

Limited impact with proper access controls and monitoring, potentially only denial of service if exploitation attempts are detected and blocked.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Attackers with initial access to a system could escalate privileges and move laterally within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the system and knowledge of the vulnerable API calls. No public proof-of-concept has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest NVIDIA GPU Display Driver versions as specified in NVIDIA security bulletin

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Restart Required: Yes

Instructions:

1. Download the latest NVIDIA GPU Display Driver from NVIDIA's official website.
2. Uninstall the current driver.
3. Install the updated driver.
4. Restart the system.

🔧 Temporary Workarounds

Restrict User Access (all)

Limit user access to systems with vulnerable NVIDIA drivers to reduce attack surface

Monitor for Suspicious Activity (all)

Implement monitoring for unusual driver or kernel activity

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access systems with vulnerable drivers
  • Deploy additional monitoring and detection for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check NVIDIA driver version against patched versions listed in NVIDIA security bulletin

Check Version:

Windows: run nvidia-smi in a command prompt, or check the Display Driver version in the NVIDIA Control Panel.
Linux: run nvidia-smi, or read /proc/driver/nvidia/version.

Verify Fix Applied:

Verify driver version matches or exceeds the patched version specified by NVIDIA
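The Linux version check above, as an added example that is not part of this advisory page or of NVIDIA's tooling: it parses the driver version out of /proc/driver/nvidia/version and compares it against a minimum patched version in dotted-version order. The minimum version is deliberately not hard-coded, because the page does not list it; set MIN_PATCHED from the NVIDIA bulletin for your driver branch. The sample /proc text embedded below is constructed for offline use, and the comparison assumes GNU sort (for the -V option).

```shell
#!/bin/sh
# Added example: compare the installed Linux NVIDIA driver version with the
# minimum patched version for this CVE. MIN_PATCHED is a placeholder the
# operator fills in from the NVIDIA security bulletin; nothing here is from
# the advisory page itself.

# Constructed sample of /proc/driver/nvidia/version, used when the real file
# is absent so the script can be exercised on any machine.
SAMPLE_VERSION_FILE='NVRM version: NVIDIA UNIX x86_64 Kernel Module  450.80.02  Wed Sep 23 01:13:39 UTC 2020
GCC version:  gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)'

# Extract the dotted version number from /proc/driver/nvidia/version text
# passed as $1. Prints nothing if the NVRM line is missing.
nvidia_version_from_proc() {
    printf '%s\n' "$1" | sed -n 's/^NVRM version:.*Kernel Module *\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if version $1 is greater than or equal to version $2, comparing
# numerically per dotted component (GNU sort -V), otherwise return 1.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print a verdict for installed version $1 against minimum patched version $2.
# Exit status 0 means patched, 1 means still vulnerable.
check_driver() {
    installed="$1"
    min="$2"
    if version_ge "$installed" "$min"; then
        echo "PATCHED: installed $installed >= minimum $min"
        return 0
    fi
    echo "VULNERABLE: installed $installed < minimum $min"
    return 1
}

# Only run the live check when the operator has supplied MIN_PATCHED; the
# functions above stay usable from other scripts regardless.
if [ -n "${MIN_PATCHED:-}" ]; then
    if [ -r /proc/driver/nvidia/version ]; then
        proc_text=$(cat /proc/driver/nvidia/version)
    else
        echo "note: /proc/driver/nvidia/version not readable, using constructed sample" >&2
        proc_text="$SAMPLE_VERSION_FILE"
    fi
    installed=$(nvidia_version_from_proc "$proc_text")
    if [ -z "$installed" ]; then
        echo "ERROR: could not parse an NVRM version line" >&2
        exit 2
    fi
    check_driver "$installed" "$MIN_PATCHED"
fi
```

Run it as `MIN_PATCHED=<version from bulletin> sh check_nvidia.sh`; a non-zero exit status makes it easy to fold into a fleet-wide inventory job. Comparing with sort -V rather than as a plain string matters because driver numbers such as 450.80.02 and 450.102.04 do not compare correctly lexically.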

📡 Detection & Monitoring

Log Indicators:

  • Unusual kernel mode driver activity
  • Suspicious DxgkDdiEscape or IOCTL calls
  • Privilege escalation attempts

Network Indicators:

  • Lateral movement from systems with vulnerable drivers
  • Unusual outbound connections after local compromise

SIEM Query:

Search for events related to nvlddmkm.sys driver activity, privilege escalation, or unusual kernel API calls
