Main Vulnerability Database Vulnerabilities #VU19993

Incorrect default permissions in NVIDIA Windows GPU Display Driver - CVE-2019-5687

Published: August 8, 2019

Vulnerability identifier: #VU19993

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5687

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: nVidia

Affected software:
NVIDIA Windows GPU Display Driver

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape due to incorrect default permissions for an object exposes it to an unintended actor. A local authenticated user with access to the system can view contents of files and directories or modify them.

This vulnerability can lead to information disclosure or denial of service.

How to mitigate CVE-2019-5687

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://nvidia.custhelp.com/app/answers/detail/a_id/4841

Incorrect default permissions in NVIDIA Windows GPU Display Driver - CVE-2019-5687

Detailed vulnerability description

How to mitigate CVE-2019-5687

Sources

Please verify you're human