Drivers are the software which works directly with the hardware components in the machine. So they need to do things which require very high privileges like reading and writing to raw memory and any devices in the machine. This requires pretty much the highest privileged level of the machine to do. But the drivers also interface with the applications in the machine. The applications are telling the drivers what they want the hardware to do.

So it possible that if there is a bug in the driver it might be tricked into doing something it should not have done. If you for example gives a display driver a picture to draw but then “mess up” the size of the data you provided and the dimensions of the image a poorly implemented driver might end up writing a big block of data into a small memory space. That causes it to overflow and write the data provided by the user application into arbitrary bits of hardware memory. And since this is things that a privileged driver might sometimes do there is no checks in place for this. But now the attacker have managed to copy data into the memory of another process or even the kernel itself.