NVIDIA has warned users of five critical vulnerabilities in the graphics processing unit (GPU) display driver that could allow attackers to elevate privileges on a device, execute arbitrary code, cause a «denial of service» (DoS) condition, and steal information.

The NVIDIA virtual graphics processing unit (vGPU) software also has a number of issues that could lead to a range of similar attacks.

The most dangerous vulnerability in the GPU display driver (CVE-2021-1074) was rated 7.5 on the CVSS scale and exists in the display driver installer, and allows an attacker with local system access to replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, DoS attack, or information disclosure.

Another issue (CVE-2021-1075) in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape is related to the pointer dereference process.

NVIDIA vGPU software has eight different vulnerabilities. The first four dangerous problems are related to improper input validation and the exploitation of them may lead to information disclosure, data tampering or DoS attacks. The other four can lead to data tampering, a «denial of service» (DoS) condition on the system, or an escalation of privileges.

NVIDIA has released fixes to resolve all issues.

Source: securitylab.ru