CVE-2019-5688

NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service.

CVSS v3 6.7 MEDIUM
CVSS v2.0 7.2 HIGH

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/4928	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nvidia:gpumodeswitch::::::::
	cpe:2.3:a:nvidia:nvflash::::::::
	cpe:2.3:a:nvidia:nvuflash::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-18 18:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-5688

Mitre link : CVE-2019-5688

CVE.ORG link : CVE-2019-5688

JSON object : View

Products Affected

nvidia

gpumodeswitch
nvuflash
nvflash

microsoft

windows

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-5688", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2019-11-18T18:15:10.057", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service."}, {"lang": "es", "value": "NVIDIA NVFlash, NVUFlash Tool versiones anteriores a v5.588.0 y GPUModeSwitch Tool versiones anteriores a 2019-11, el controlador de modo kernel de NVIDIA (nvflash.sys, nvflsh32.sys y nvflsh64.sys) contiene una vulnerabilidad en la cual los usuarios autenticados con privilegios administrativos pueden conseguir acceso a la memoria del dispositivo y los registros de otros dispositivos no administrados por NVIDIA, lo que puede conllevar a una escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n o denegaci\u00f3n de servicio."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpumodeswitch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D43AF9D0-CEBA-4C32-946C-374E49DCC703", "versionEndExcluding": "2019-11"}, {"criteria": "cpe:2.3:a:nvidia:nvflash:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7C96214-BEA4-4C93-8FE2-6EA6CC0A3340", "versionEndExcluding": "5.588.0"}, {"criteria": "cpe:2.3:a:nvidia:nvuflash:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C0B76F8-93FF-481F-9BF8-96BFC1A97108", "versionEndExcluding": "5.588.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}