CVE-2019-5666

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.

References

http://support.lenovo.com/us/en/solutions/LEN-26250

https://nvidia.custhelp.com/app/answers/detail/a_id/4772

https://nvidia.custhelp.com/app/answers/detail/a_id/4797

Details

Source: MITRE

Published: 2019-02-27

Updated: 2019-05-09

Type: CWE-129

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (2 total)

IDNameProductFamilySeverity
126049NVIDIA Windows GPU Display Driver Multiple Vulnerabilities (May 2019)NessusWindows
medium
122510NVIDIA Windows GPU Display Driver Multiple Vulnerabilities (February 2019)NessusWindows
high