Vulnerabilities > CVE-2021-1074 - Unspecified vulnerability in Nvidia GPU Display Driver

CVSS 7.3 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

nvidia

NVD

Published: 2021-04-21

Updated: 2022-07-21

Summary

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Nvidia Nvidia GPU Display Driver 390 Nvidia GPU Display Driver 390.65 Nvidia GPU Display Driver 390.77 Nvidia GPU Display Driver 391.03 Nvidia GPU Display Driver 391.33 Nvidia GPU Display Driver 391.58 Nvidia GPU Display Driver 391.74 Nvidia GPU Display Driver 391.89 Nvidia GPU Display Driver 392.00 Nvidia GPU Display Driver 392.37 Nvidia GPU Display Driver 392.53 Nvidia GPU Display Driver 392.56 Nvidia GPU Display Driver 392.58 Nvidia GPU Display Driver 392.59 Nvidia GPU Display Driver 392.61 Nvidia GPU Display Driver 392.62 Nvidia GPU Display Driver 392.63	17

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5172