Nvidia GPU Display Driver Vulnerability April 2021

Discover Vulnerable NVIDIA Drivers on Your Network

Nvidia released a new security bulletin detailing 5 new vulnerabilities in their display drivers for Geforce, RTX, Quadro and Tesla graphics cards. While these vulnerabilities still require an attacker to get local access first, they can be abused and lead to code execution, escalation of privileges, denial of service, and information disclosure in a worst-case scenario.

With the report below, you'll be able to detect which driver versions are running in your IT estate. Additionally, the color-coding will quickly indicate if you have any devices that require a driver update. Run the report below and check if you have any vulnerable devices.

CVE-2021-1074

The Nvidia GPU Display Driver for the R390 series on Windows contains a vulnerability within the installer. This could allow for an attacker who has local system access to replace application resources with malware. It could result in an escalation of privileges, code execution, denial of service or data loss.

CVE-2021-1075

The Nvidia GPU Display Driver for Windows has a vulnerability within the kernel mode layer handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid. This could result in denial of service, code execution or escalation of privileges.

CVE-2021-1076

The Nvidia GPU Display Driver for Windows and Linux has a vulnerability in the kernel mode layer. Improper access control could cause data corruption (or loss) or could lead to a denial of service.

CVE-2021-1077

The Nvidia GPU Display Driver for Windows and Linux contains a vulnerability. It causes problems where the software (the driver) uses a reference count to manage a resource that isn't updated correctly. If done well, this could lead to a denial of service.

CVE-2021-1078

The Nvidia GPU Display Driver for Windows has a vulnerability within the kernel driver where a NULL pointer dereference could cause a system crash.

Nvidia GPU Display Driver Vulnerability Query

Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblVideoController.Caption,
SubString(NvidiaAssets.DriverVersion, 0, Len(NvidiaAssets.DriverVersion) -
1) + '.' + SubString(NvidiaAssets.DriverVersion,
Len(NvidiaAssets.DriverVersion) - 1, Len(NvidiaAssets.DriverVersion)) As
DriverVersion,
Case
When tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion Between 46500 And 46599 And
NvidiaAssets.DriverVersion < 46611 Then 'Vulnerable'
When tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion Between 46000 And 46499 And
NvidiaAssets.DriverVersion < 46231 Then 'Vulnerable'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 46500 And 46599 And
NvidiaAssets.DriverVersion < 46611 Then 'Vulnerable'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 46000 And 46499 And
NvidiaAssets.DriverVersion < 46231 Then 'Vulnerable'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 45000 And 45599 And
NvidiaAssets.DriverVersion < 45296 Then 'Vulnerable'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 39000 And 40999 And
NvidiaAssets.DriverVersion < 39265 Then 'Vulnerable'
When (tblVideoController.Caption Like '%tesla%') And
NvidiaAssets.DriverVersion Between 46000 And 46499 And
NvidiaAssets.DriverVersion < 46231 Then 'Vulnerable'
When (tblVideoController.Caption Like '%tesla%') And
NvidiaAssets.DriverVersion Between 45000 And 45599 And
NvidiaAssets.DriverVersion < 45296 Then 'Vulnerable'
When (tblVideoController.Caption Like '%tesla%') And
NvidiaAssets.DriverVersion Between 41800 And 42999 And
NvidiaAssets.DriverVersion < 42733 Then 'Vulnerable'
Else 'Safe'
End As [Vulnerable/Safe],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion Between 46500 And 46599 And
NvidiaAssets.DriverVersion < 46611 Then '#ffadad'
When tblVideoController.Caption Like '%geforce%' And
NvidiaAssets.DriverVersion Between 46000 And 46499 And
NvidiaAssets.DriverVersion < 46231 Then '#ffadad'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 46500 And 46599 And
NvidiaAssets.DriverVersion < 46611 Then '#ffadad'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 46000 And 46499 And
NvidiaAssets.DriverVersion < 46231 Then '#ffadad'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 45000 And 45599 And
NvidiaAssets.DriverVersion < 45296 Then '#ffadad'
When (tblVideoController.Caption Like '%RTX%A%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%') And
NvidiaAssets.DriverVersion Between 39000 And 40999 And
NvidiaAssets.DriverVersion < 39265 Then '#ffadad'
When (tblVideoController.Caption Like '%tesla%') And
NvidiaAssets.DriverVersion Between 46000 And 46499 And
NvidiaAssets.DriverVersion < 46231 Then '#ffadad'
When (tblVideoController.Caption Like '%tesla%') And
NvidiaAssets.DriverVersion Between 45000 And 45599 And
NvidiaAssets.DriverVersion < 45296 Then '#ffadad'
When (tblVideoController.Caption Like '%tesla%') And
NvidiaAssets.DriverVersion Between 41800 And 42999 And
NvidiaAssets.DriverVersion < 42733 Then '#ffadad'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblVideoController On
tblAssets.AssetID = tblVideoController.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
Right(Convert(bigint,Replace(tblVideoController.DriverVersion, '.', '')),
5) As DriverVersion,
tblVideoController.Caption
From tblAssets
Inner Join tblVideoController On
tblAssets.AssetID = tblVideoController.AssetID
Where tblVideoController.Caption Like '%Nvidia%') As NvidiaAssets On
NvidiaAssets.AssetID = tblAssets.AssetID
Where (tblVideoController.Caption Like '%geforce%' Or
tblVideoController.Caption Like '%quadro%' Or
tblVideoController.Caption Like '%NVS%' Or tblVideoController.Caption Like
'%tesla%' Or tblVideoController.Caption Like '%RTX%A%') And
tblVideoController.DriverVersion Is Not Null And tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit