CVE-2019-5676

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvidiaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
nvidiagpu_display_driver
410 ≤
𝑥
< 412.36
nvidiagpu_display_driver
418 ≤
𝑥
< 425.51
nvidiagpu_display_driver
430 ≤
𝑥
< 430.64
nvidiageforce_experience
𝑥
< 3.19
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
https://nvidia.custhelp.com/app/answers/detail/a_id/4806
https://nvidia.custhelp.com/app/answers/detail/a_id/4841
https://support.lenovo.com/us/en/product_security/LEN-27815
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
https://nvidia.custhelp.com/app/answers/detail/a_id/4806
https://nvidia.custhelp.com/app/answers/detail/a_id/4841
https://support.lenovo.com/us/en/product_security/LEN-27815