Main Vulnerability Database Vulnerabilities #VU52486

#VU52486 Improper access control in R390 - CVE-2021-1074

Published: April 22, 2021

Vulnerability identifier: #VU52486

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-1074

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
R390

Software vendor:
nVidia

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in installer. A local user can replace an application resource with malicious files, leading to arbitrary code execution, escalation of privileges, denial of service and information disclosure.

Remediation

Install updates from vendor's website.

External links

https://nvidia.custhelp.com/app/answers/detail/a_id/5172

#VU52486 Improper access control in R390 - CVE-2021-1074

Description

Remediation

External links

Please verify you're human