CVE-2021-1074: 
NVIDIA Graphics Driver vulnerability analysis and mitigation

CVE-2021-1074 is a vulnerability discovered in the NVIDIA GPU Display Driver for Windows installer. The vulnerability was disclosed in April 2021 and affects the R390 driver branch. It allows an attacker with local unprivileged system access to potentially replace application resources with malicious files during installation (NVIDIA Security).

The vulnerability has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). The attack requires specific timing - it must be executed in a very short time window between file integrity validation and execution. Additionally, successful exploitation requires a user with system administration rights to execute the installer (NVIDIA Security).

If successfully exploited, this vulnerability can lead to multiple severe consequences including code execution, escalation of privileges, denial of service, and information disclosure (NVIDIA Security).

NVIDIA has released security updates to address this vulnerability. For the R390 driver branch, users should update to version 392.65 or later. The fix is included in the security update released in April 2021 (NVIDIA Security).