CVE-2021-1091

Published: Jul 22, 2021Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.

Affected (3)

Products: Nvidia: Gpu Display Driver

1 product

Gpu Display Driver

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Nvidia Gpu Display Driver	From 427.33 to 427.48
Nvidia Gpu Display Driver	From 452.96 to 453.10
Nvidia Gpu Display Driver	From 462.31 to 462.96

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5211

Source: psirt@nvidia.com

PatchVendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5211

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.