CVE-2021-1092

CWE-59 CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.1HIGH

EPSS

0.1%

top 69.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia GPU Display Driver Nvidia Nvidia GPU Display Driver

Timeline

PublishedJul 22

Latest updateMay 24

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDnvidia/gpu_display_driver427.33 — 427.48+2

▶CVEListV5nvidia/nvidia_gpu_display_driverAll GPU Driver versions

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-f383-xpww-4f48: NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file syste↗2022-05-24

▶

CVEList

CVE-2021-1092: NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file syste↗2021-07-22

▶