CVE Vulnerability

CVE-2019-5695

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

6.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/4907 Patch Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4860 Patch Vendor Advisory
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*
Information

Published : 2019-11-12 09:15

Updated : 2022-01-01 08:12

NVD link : CVE-2019-5695

Mitre link : CVE-2019-5695

Products Affected

Gpu Driver

Nvidia

CWE
CWE-427