Vulnerability Description
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Geforce Experience | < 3.20.1 |
| Nvidia | Gpu Driver | All versions |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/4860PatchVendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4907PatchVendor Advisory
- https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-SoftwExploitThird Party Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4860PatchVendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/4907PatchVendor Advisory
- https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-SoftwExploitThird Party Advisory
FAQ
What is CVE-2019-5695?
CVE-2019-5695 is a vulnerability with a CVSS score of 6.5 (MEDIUM). NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and pr...
How severe is CVE-2019-5695?
CVE-2019-5695 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5695?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Geforce Experience, Nvidia Gpu Driver, Microsoft Windows.