Login Sign Up

CVE-2021-1056

7.1 HIGH
Denial of Service

📋 TL;DR

This vulnerability in NVIDIA GPU Display Driver for Linux allows attackers to bypass file system permissions on GPU devices, potentially leading to denial of service or information disclosure. It affects all versions of the driver on Linux systems where NVIDIA GPUs are present. The issue resides in the kernel mode layer (nvidia.ko) which fails to properly enforce OS-level isolation.

💻 Affected Systems

Products:
  • NVIDIA GPU Display Driver for Linux
Versions: All versions
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with NVIDIA GPUs using the proprietary driver; open-source Nouveau driver not affected.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Gpu Driver by Nvidia

View all CVEs affecting Gpu Driver →

Gpu Driver by Nvidia

View all CVEs affecting Gpu Driver →

Gpu Driver by Nvidia

View all CVEs affecting Gpu Driver →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could gain unauthorized access to GPU memory, potentially exfiltrating sensitive data from other processes or causing system instability through GPU resource manipulation.

🟠

Likely Case

Local privilege escalation allowing unauthorized GPU access, potentially leading to information leakage between processes sharing the GPU or denial of service through GPU resource exhaustion.

🟢

If Mitigated

With proper access controls and isolation, impact is limited to local users with existing system access; remote exploitation would require prior local access.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the system; no public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 470.86 or later

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Restart Required: Yes

Instructions:

1. Download latest NVIDIA driver from official site 2. Stop display manager (e.g., sudo systemctl stop gdm) 3. Run NVIDIA installer with --silent flag 4. Reboot system

🔧 Temporary Workarounds

Restrict GPU device access

linux

Set strict permissions on GPU device files to limit access

sudo chmod 600 /dev/nvidia*

🧯 If You Can't Patch

  • Implement strict access controls on /dev/nvidia* device files
  • Isolate GPU workloads to trusted users only using cgroups or containers

🔍 How to Verify

Check if Vulnerable:

Check NVIDIA driver version: cat /proc/driver/nvidia/version | grep -i version

Check Version:

cat /proc/driver/nvidia/version

Verify Fix Applied:

Verify driver version is 470.86 or higher: cat /proc/driver/nvidia/version

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /dev/nvidia* device files
  • Kernel logs showing permission denied errors for GPU access

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="/var/log/syslog" AND "nvidia" AND ("permission denied" OR "access denied")

📊 Metadata

CVE ID: CVE-2021-1056
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-276
Published: January 8, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-1056, you might also want to check these:

CVE-2025-40585 9.9

Energy Services solutions using G5DFR contain default credentials, allowing attackers to gain contro...

Same vulnerability type (CWE-276)
CVE-2023-47462 9.8

This vulnerability allows remote attackers to execute arbitrary code on GL.iNet AX1800 routers by ex...

Same vulnerability type (CWE-276)
CVE-2022-41572 9.8

CVE-2022-41572 is a privilege escalation vulnerability in EyesOfNetwork (EON) where nmap can be exec...

Same vulnerability type (CWE-276)