CVE-2019-5675

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/4797	Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4797	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:windows:*:*

History

21 Nov 2024, 04:45

Type	Values Removed	Values Added
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/4797 - Vendor Advisory~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/4797 - Vendor Advisory

Information

Published : 2019-05-10 21:29

Updated : 2024-11-21 04:45

NVD link : CVE-2019-5675

Mitre link : CVE-2019-5675

CVE.ORG link : CVE-2019-5675

JSON object : View

Products Affected

nvidia

gpu_driver

CWE

CWE-662

Improper Synchronization

{"id": "CVE-2019-5675", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-05-10T21:29:00.520", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-662"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure."}, {"lang": "es", "value": "El driver NVIDIA Windows GPU Display para Windows (todas las versiones) contiene una vulnerabilidad en el controlador de la capa de modo de kernel (nvlddmkm.sys) para DxgkDdiEscape, en la que el producto no sincroniza correctamente los datos compartidos, como las variables est\u00e1ticas en los subprocesos, lo que puede provocar un comportamiento indefinido y cambios impredecibles en los datos, lo que puede provocar denegaci\u00f3n de servicio, escalada de privilegios o divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-11-21T04:45:19.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E8B2FE62-DA85-49FE-89B1-4AC71DCEC690"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@nvidia.com"}