CVE-2019-5695

low-risk
Published 2019-11-12

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Affected Vendors

Nvidia

References (6)

Patch https://nvidia.custhelp.com/app/answers/detail/a_id/4860
Patch https://nvidia.custhelp.com/app/answers/detail/a_id/4907
Exploit https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Softw...
Patch https://nvidia.custhelp.com/app/answers/detail/a_id/4860
Patch https://nvidia.custhelp.com/app/answers/detail/a_id/4907
Exploit https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Softw...
28
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 7/34 · Low