Login Sign Up

CVE-2021-1074

7.3 HIGH

📋 TL;DR

This vulnerability in NVIDIA GPU Display Driver for Windows allows local attackers with unprivileged system access to replace application resources with malicious files during installation. It requires an administrator to run the installer and a precise timing attack to swap files between validation and execution. This affects Windows systems with vulnerable NVIDIA GPU drivers.

💻 Affected Systems

Products:
  • NVIDIA GPU Display Driver for Windows
Versions: Multiple versions prior to the fix
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Windows OS with NVIDIA GPU drivers. Attack requires local unprivileged access and admin to execute installer.

📦 What is this software?

Gpu Display Driver by Nvidia

View all CVEs affecting Gpu Display Driver →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with code execution, privilege escalation to SYSTEM, denial of service, and information disclosure.

🟠

Likely Case

Local privilege escalation allowing attackers to gain administrative privileges on the affected system.

🟢

If Mitigated

No impact if proper access controls prevent local unprivileged users from accessing installation directories or if patched versions are used.

🌐 Internet-Facing: LOW - This is a local attack requiring physical or remote desktop access to the system.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this, but requires admin to run installer and precise timing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires precise timing between file validation and execution during installation, making reliable exploitation difficult.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NVIDIA GPU Display Driver version with fix included (check specific version in advisory)

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5172

Restart Required: Yes

Instructions:

1. Download latest NVIDIA GPU Display Driver from official NVIDIA website. 2. Run installer with administrative privileges. 3. Follow installation wizard. 4. Restart system when prompted.

🔧 Temporary Workarounds

Restrict local access during installation

windows

Ensure no untrusted local users have access to the system during NVIDIA driver installation

Use secure installation locations

windows

Install NVIDIA drivers to secure directories with restricted permissions

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable NVIDIA drivers
  • Monitor for suspicious file modifications in NVIDIA installation directories

🔍 How to Verify

Check if Vulnerable:

Check NVIDIA GPU Display Driver version against patched versions listed in NVIDIA advisory

Check Version:

Open NVIDIA Control Panel → System Information → Driver Version, or run 'nvidia-smi' in command prompt

Verify Fix Applied:

Verify installed NVIDIA driver version matches or exceeds patched version from advisory

📡 Detection & Monitoring

Log Indicators:

  • File modification events in NVIDIA installation directories during driver installation
  • Unexpected process execution from NVIDIA directories

Network Indicators:

  • No network indicators - this is a local attack

SIEM Query:

EventID=4663 (File access) with TargetObject containing 'NVIDIA' paths during installation windows

📊 Metadata

CVE ID: CVE-2021-1074
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Published: April 21, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON