CVE-2021-1095: 
NVIDIA Graphics Driver vulnerability analysis and mitigation

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service. The vulnerability was assigned CVE-2021-1095 and was disclosed in July 2021. This vulnerability affects NVIDIA GPU Display Drivers across multiple versions on both Windows and Linux operating systems (NVIDIA Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue. The flaw exists in the kernel mode layer (nvlddmkm.sys) where handlers for control calls with embedded parameters can dereference an untrusted pointer (NVD).

If exploited, this vulnerability can lead to denial of service conditions in affected systems. The vulnerability has a High impact on system availability while having no direct impact on confidentiality or integrity (NVIDIA Advisory).

NVIDIA has released security updates to address this vulnerability. For Windows systems, updates are available in versions 471.41 (R470 branch), 462.96 (R460 branch), 453.10 (R450 branch), and 392.67 (R390 branch). For Linux systems, fixes are available in versions 470.57.02 (R470 branch), 460.91.03 (R460 branch), 450.142.00 (R450 branch), 418.211.00 (R418 branch), and 390.144 (R390 branch) (NVIDIA Advisory).