Local Service Provider Vulnerability in NVIDIA GeForce Experience and Windows GPU Display Driver
CVE-2019-5695

6.5MEDIUM

Key Information:

Vendor
Nvidia
Status
Nvidia Geforce Experience
Nvidia Windows Gpu Display Driver
Vendor
CVE Published:
12 November 2019

Summary

A local service provider vulnerability exists in NVIDIA GeForce Experience (versions prior to 3.20.1) and all versions of Windows GPU Display Driver. Attackers with local system and privileged access may exploit this flaw by improperly loading Windows system DLLs without proper path or signature validation. This vulnerability can lead to potential code execution, resulting in denial of service or information disclosure.

Affected Version(s)

NVIDIA GeForce Experience prior to 3.20.1

NVIDIA Windows GPU Display Driver all versions

References

https://nvidia.custhelp.com/app/answers/detail/a_id/4907
x_refsource_CONFIRM
https://nvidia.custhelp.com/app/answers/detail/a_id/4860
x_refsource_CONFIRM
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-fo...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.