CVE-2019-5666

Sažetak

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.

Reference

http://support.lenovo.com/us/en/solutions/LEN-26250
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
https://nvidia.custhelp.com/app/answers/detail/a_id/4797

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-05-2019 - 21:29

Objavljeno

27-02-2019 - 23:29