Vulnerability Description
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Gpu Display Driver | >= 410, < 412.36 |
| Nvidia | Geforce Experience | < 3.19 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/4797Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4806Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4841Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-27815Third Party Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4797Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4806Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4841Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-27815Third Party Advisory
FAQ
What is CVE-2019-5676?
CVE-2019-5676 is a vulnerability with a CVSS score of 6.7 (MEDIUM). NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as...
How severe is CVE-2019-5676?
CVE-2019-5676 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5676?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Gpu Display Driver, Nvidia Geforce Experience, Microsoft Windows.