Vulnerability Description
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Gpu Driver | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://support.lenovo.com/us/en/solutions/LEN-26250
- https://nvidia.custhelp.com/app/answers/detail/a_id/4772PatchVendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4797
- http://support.lenovo.com/us/en/solutions/LEN-26250
- https://nvidia.custhelp.com/app/answers/detail/a_id/4772PatchVendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4797
FAQ
What is CVE-2019-5666?
CVE-2019-5666 is a vulnerability with a CVSS score of 7.8 (HIGH). NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calcul...
How severe is CVE-2019-5666?
CVE-2019-5666 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5666?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Gpu Driver, Microsoft Windows.