First published: Wed Feb 27 2019(Updated: )
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.
Credit: psirt@nvidia.com psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nvidia Gpu Driver | ||
Microsoft Windows | ||
All of | ||
Nvidia Gpu Driver | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-5666 is a vulnerability in the NVIDIA Windows GPU Display Driver that allows for untrusted input to be used without proper validation, leading to potential exploitation.
The severity of CVE-2019-5666 is rated as high with a severity value of 7.8.
CVE-2019-5666 affects the NVIDIA Gpu Driver by exploiting a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext.
To fix CVE-2019-5666, it is recommended to update to the latest version of the NVIDIA Windows GPU Display Driver and follow any patches or security advisories provided by NVIDIA.
More information about CVE-2019-5666 can be found in the references provided: http://support.lenovo.com/us/en/solutions/LEN-26250, https://nvidia.custhelp.com/app/answers/detail/a_id/4772, https://nvidia.custhelp.com/app/answers/detail/a_id/4797