CVE-2021-1091: 
NVIDIA Graphics Driver vulnerability analysis and mitigation

CVE-2021-1091 affects the NVIDIA GPU Display driver for Windows, discovered and disclosed in July 2021. The vulnerability impacts NVIDIA GPU Display drivers across multiple versions including R470, R465, and R460 branches (NVIDIA Bulletin).

The vulnerability exists where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify. The vulnerability has been assigned a CVSS v3.1 base score of 7.1 HIGH with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H (NVIDIA Bulletin).

If exploited, this vulnerability could lead to data loss or denial of service on affected systems. The vulnerability affects the system's security by allowing unprivileged users to modify files that should require elevated privileges (NVIDIA Bulletin).

NVIDIA has released security updates to address this vulnerability. For Windows systems, users should update to the following versions depending on their driver branch: R470 branch to version 471.41, R460 branch to version 462.96, R450 branch to version 453.10, and R390 branch to version 392.67. Some hardware vendors may provide alternative versions (462.86, 466.83, 471.35, and 471.36) that also contain the security updates (NVIDIA Bulletin).