Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5688

NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service.

Published

2019-11-18T18:15:10.057

Last Modified

2024-11-21T04:45:21.007

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nvidia	gpumodeswitch	< 2019-11	Yes
Application	nvidia	nvflash	< 5.588.0	Yes
Application	nvidia	nvuflash	< 5.588.0	Yes
Operating System	microsoft	windows	-	No

References

https://nvidia.custhelp.com/app/answers/detail/a_id/4928 Vendor Advisory ([email protected])
https://nvidia.custhelp.com/app/answers/detail/a_id/4928 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)