Lucene search

[email protected]CVE-2021-1074

HistoryApr 21, 2021 - 11:15 p.m.

CVE-2021-1074

2021-04-2123:15:07

[email protected]

web.nvd.nist.gov

nvidia

gpu

display

driver

windows

vulnerability

local

unprivileged

system access

code execution

escalation of privileges

denial of service

information disclosure

nvd

cve-2021-1074

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure.

Affected configurations

NVD

Node

nvidiagpu_display_driverRange390–392.65windows

CPENameOperatorVersion
nvidia:gpu_display_drivernvidia gpu display driverlt392.65

CPE	Name	Operator	Version
nvidia:gpu_display_driver	nvidia gpu display driver	lt	392.65

CNA Affected

[
  {
    "product": "NVIDIA GPU Display Driver",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "R390 driver branch"
      }
    ]
  }
]