Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvidiaNvidiaNVIDIA:4928
HistoryNov 06, 2019 - 12:00 a.m.

Security Bulletin: NVIDIA NVFlash, GPUModeSwitch Tool - November 2019

2019-11-0600:00:00
nvidia.custhelp.com
34

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

NVIDIA has released a software security update for NVIDIA NVFlash Tool. This update addresses issues that may lead to escalation of privileges, information disclosure, or denial of service. This update is available only to NVIDIA OEMs and partners. Go to NVIDIA Product Security.

Details

This section summarizes the potential impact that this security update addresses. Descriptions use CWE™, and base scores and vectors use CVSS V3 standards.

CVE Description Base Score Vector
CVE‑2019‑5688 NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service. 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

Security Updates

The following table lists the NVIDIA software products affected and the updated versions that include this security update.

Software Product Operating System Updated Version
NVFlash NVUFlash Windows 5.588.0
GPUModeSwitch Windows 2019-11

Notes:

  • NVFlash and NVUFlash
    • This product update is available only to NVIDIA OEMs and partners.
    • There is no action for end-users.
  • GPUModeSwitch product update is available by logging in to the NVIDIA Enterprise Application Hub to download updates from the NVIDIA Licensing Center.

Mitigations

None. See Security Updates for the version to install.

Acknowledgements

CVE‑2019‑5688: NVIDIA thanks Jesse Michael and Mickey Shkatov of Eclypsium for reporting this issue.

Related

prion 1
cvelist 1
cve 1
nvd 1
lenovo 2
prion
prion
Input validation
2019-11-18 18:15:00
cvelist
cvelist
CVE-2019-5688
2019-11-18 17:33:35
cve
cve
CVE-2019-5688
2019-11-18 18:15:10
nvd
nvd
CVE-2019-5688
2019-11-18 18:15:10
lenovo
lenovo
NVIDIA GPU Display Driver Vulnerabilities - Lenovo Support US
2019-11-04 14:33:46
NVIDIA GPU Display Driver Vulnerabilities - Lenovo Support US
2019-11-04 14:33:46

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for NVIDIA:4928
prion1cvelist1cve1nvd1lenovo2