CVE-2021-1092

Published: Jul 22, 2021Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss.

Affected (3)

Products: Nvidia: Gpu Display Driver

1 product

Gpu Display Driver

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Nvidia Gpu Display Driver	From 427.33 to 427.48
Nvidia Gpu Display Driver	From 452.96 to 453.10
Nvidia Gpu Display Driver	From 462.31 to 462.96

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5211

Source: psirt@nvidia.com

PatchVendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5211

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.