CVE-2021-1056

HIGH

NVIDIA GPU Display Driver - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-1056. PoCs published by pokerfaceSad.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-1056, which allows an attacker in a GPU container to access all GPU devices on the host by creating specific character device files. The exploit demonstrates the vulnerability in environments using `nvidia-container-runtime` or Kubernetes with `k8s-device-plugin`.

Description

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.

Exploits (1)

nomisec WORKING POC 16 stars

by pokerfaceSad · poc

https://github.com/pokerfaceSad/CVE-2021-1056

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-1056, which allows an attacker in a GPU container to access all GPU devices on the host by creating specific character device files. The exploit demonstrates the vulnerability in environments using `nvidia-container-runtime` or Kubernetes with `k8s-device-plugin`.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: NVIDIA GPU Driver (versions 418.87.01, 450.51.05, and others)

No auth needed

Prerequisites: Docker 19.03 · nvidia-container-toolkit · NVIDIA GPU (Tesla V100, TITAN V, Tesla K80, etc.)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202310-02

Vendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5142

Scores

CVSS v3 7.1

EPSS 0.0655

EPSS Percentile 91.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-276

Status published

Products (2)

debian/debian_linux 9.0

nvidia/gpu_driver 390 - 390.141

Published Jan 08, 2021

Tracked Since Feb 18, 2026