CVE-2021-1095

low-risk
Published 2021-07-22

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.

Do I need to act?

-
0.29% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (3)

Affected Vendors

Debian Nvidia

References (6)

Mailing List https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html
Patch https://nvidia.custhelp.com/app/answers/detail/a_id/5211
Third Party Advisory https://security.gentoo.org/glsa/202310-02
Mailing List https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html
Patch https://nvidia.custhelp.com/app/answers/detail/a_id/5211
Third Party Advisory https://security.gentoo.org/glsa/202310-02
28
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 9/34 · Low