CVE-2021-1074

Name of the Vulnerable Software and Affected Versions NVIDIA GPU Display Driver for Windows versions R390 driver branch

Description The issue allows an attacker with local unprivileged system access to potentially replace an application resource with malicious files during the installation process. This requires a user with system administration rights to execute the installer and for the attacker to replace the files within a short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure.

Recommendations For NVIDIA GPU Display Driver for Windows versions R390 driver branch, consider restricting access to the installer to prevent unauthorized execution, and ensure that the installation process is closely monitored to minimize the risk of file replacement. As a temporary workaround, consider implementing additional validation checks on installed files to detect potential tampering.