CVE-2019-5688

Name of the Vulnerable Software and Affected Versions NVIDIA NVFlash, NVUFlash Tool versions prior to 5.588.0 GPUModeSwitch Tool versions prior to 2019-11 NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) (affected versions not specified)

Description The issue allows authenticated users with administrative privileges to access device memory and registers of other devices not managed by NVIDIA. This can potentially lead to escalation of privileges, information disclosure, or denial of service.

Recommendations For NVIDIA NVFlash, NVUFlash Tool versions prior to 5.588.0, update to version 5.588.0 or later. For GPUModeSwitch Tool versions prior to 2019-11, update to a version from 2019-11 or later. As a temporary workaround, consider restricting access to the NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) to minimize the risk of exploitation.