CVE-2021-1074 — Nvidia GPU Display Driver vulnerability

3 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.1%

top 71.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia GPU Display Driver Nvidia GPU Display Driver

Timeline

PublishedApr 21

Latest updateMay 24

Description

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/gpu_display_driver390 — 392.65

▶CVEListV5nvidia/nvidia_gpu_display_driverR390 driver branch

🔴Vulnerability Details

GHSA

GHSA-prf4-82qm-xc4f: NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, contains a vulnerability in its installer where an attacker with local system acces↗2022-05-24

▶

CVEList

CVE-2021-1074: NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replac↗2021-04-21

▶