Stay Secure with the Latest Linux Advisories

security advisorydenial of servicehigh severity

Arch Linux: 202101-19 High Severity: Multiple Issues in Nvidia-Utils

The package nvidia-utils before version 460.32.03-1 is vulnerable to multiple issues including privilege escalation, denial of service and information disclosure. . Arch Linux Security Advisory ASA-202101-19 ========================================= Severity: High Date : 2021-01-12 CVE-ID : CVE-2021-1052 CVE-2021-1053 CVE-2021-1056 Package : nvidia-utils Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1417 Summary ====== The package nvidia-utils before version 460.32.03-1 is vulnerable to multiple issues including privilege escalation, denial of service and information disclosure. Resolution ========= Upgrade to 460.32.03-1. # pacman -Syu "nvidia-utils> =460.32.03-1" The problems have been fixed upstream in version 460.32.03. Workaround ========= None. Description ========== - CVE-2021-1052 (privilege escalation) The NVIDIA GPU Display Driver, all versions of the R460 and R450 driver branches, contains a vulnerability in the kernel mode layer (nvidia.ko) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. This issue is fixed in versions 460.32.03 and 450.102.04. - CVE-2021-1053 (denial of service) The NVIDIA GPU Display Driver, all versions of the R460 and R450 driver branches, contains a vulnerability in the kernel mode layer (nvidia.ko) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. This issue is fixed in versions 460.32.03 and 450.102.04. - CVE-2021-1056 (information disclosure) The NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. This issue is fixed in versions 460.32.03, 450.102.04 and 390.141. Impact ===== A local user might crash theservice, escalate privileges or disclose sensitive information. References ========= https://nvidia.custhelp.com/app/answers/detail/a_id/5142 https://security.archlinux.org/CVE-2021-1052 https://security.archlinux.org/CVE-2021-1053 https://security.archlinux.org/CVE-2021-1056 . CentOS Security Notice CNS-202203-28 highlights critical vulnerabilities in kernel-utils that impact various system functionalities.. Nvidia Utils, Arch Linux, Security Advisory, Privilege Escalation, Denial of Service. . LinuxSecurity.com Team

Jan 15, 2021 ArchLinux