PT-2019-4370 · Nvidia · Nvidia Windows Gpu Display Driver

Published

2019-08-06

Updated

2020-08-24

CVE-2019-5687

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions NVIDIA Windows GPU Display Driver (all versions)

Description The issue is related to an incorrect use of default permissions for an object in the kernel mode layer handler for DxgkDdiEscape, exposing it to an unintended actor. This vulnerability in the NVIDIA Windows GPU Display Driver is associated with errors in permission handling, which can be exploited to disclose protected information or cause a denial of service.

Recommendations For all versions, consider restricting access to the nvlddmkm.sys handler for DxgkDdiEscape until a patch is available. As a temporary workaround, avoid using the DxgkDdiEscape function in the NVIDIA Windows GPU Display Driver to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-275CWE-276

Related Identifiers

BDU:2020-00091

CVE-2019-5687

Affected Products

Nvidia Windows Gpu Display Driver

PT-2019-4370 · Nvidia · Nvidia Windows Gpu Display Driver

CVE-2019-5687

Weakness Enumeration

Related Identifiers

Affected Products

References · 5