CVE-2019-5666: Out-of-bounds Read
First published: Wed Feb 27 2019(Updated: )
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nvidia Gpu Driver | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-5666?
CVE-2019-5666 is a vulnerability in the NVIDIA Windows GPU Display Driver that allows for untrusted input to be used without proper validation, leading to potential exploitation.
What is the severity of CVE-2019-5666?
The severity of CVE-2019-5666 is rated as high with a severity value of 7.8.
How does CVE-2019-5666 affect NVIDIA Gpu Driver?
CVE-2019-5666 affects the NVIDIA Gpu Driver by exploiting a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext.
How can I fix CVE-2019-5666?
To fix CVE-2019-5666, it is recommended to update to the latest version of the NVIDIA Windows GPU Display Driver and follow any patches or security advisories provided by NVIDIA.
Where can I find more information about CVE-2019-5666?
More information about CVE-2019-5666 can be found in the references provided: http://support.lenovo.com/us/en/solutions/LEN-26250, https://nvidia.custhelp.com/app/answers/detail/a_id/4772, https://nvidia.custhelp.com/app/answers/detail/a_id/4797