CVE-2019-5666

Published: Feb 27, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.

Affected (1)

Products: Nvidia: Gpu Driver

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nvidia Gpu Driver	All versions

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (6)

http://support.lenovo.com/us/en/solutions/LEN-26250

Source: psirt@nvidia.com

https://nvidia.custhelp.com/app/answers/detail/a_id/4772

Source: psirt@nvidia.com

PatchVendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/4797

Source: psirt@nvidia.com

http://support.lenovo.com/us/en/solutions/LEN-26250

Source: af854a3a-2127-422b-91ae-364da2661108

https://nvidia.custhelp.com/app/answers/detail/a_id/4772

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/4797

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.