CVE-2019-5688 - Vulnerability Details - OpenCVE

NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Nvidia	Gpumodeswitch Nvflash Nvuflash

Configuration 1 [-]

AND

OR	cpe:2.3:a:nvidia:gpumodeswitch::::::::
	cpe:2.3:a:nvidia:nvflash::::::::
	cpe:2.3:a:nvidia:nvuflash::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://nvidia.custhelp.com/app/answers/detail/a_id/4928

History

No history.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2019-11-18T17:33:35

Updated: 2024-08-04T20:01:52.098Z

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5688

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-11-18T18:15:10.057

Modified: 2024-11-21T04:45:21.007

Link: CVE-2019-5688

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "NVIDIA NVFlash, NVUFlash, GPUModeSwitch Tool", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "NVFlash"}, {"status": "affected", "version": "NVUFlash prior to v5.588.0"}, {"status": "affected", "version": "GPUModeSwitch prior to 2019-11"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service."}], "problemTypes": [{"descriptions": [{"description": "escalation of privileges, information disclosure, denial of service.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-18T17:33:35", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2019-5688", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA NVFlash, NVUFlash, GPUModeSwitch Tool", "version": {"version_data": [{"version_value": "NVFlash"}, {"version_value": "NVUFlash prior to v5.588.0"}, {"version_value": "GPUModeSwitch prior to 2019-11"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "escalation of privileges, information disclosure, denial of service."}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:52.098Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928"}]}]}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2019-5688", "datePublished": "2019-11-18T17:33:35", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-08-04T20:01:52.098Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpumodeswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "D43AF9D0-CEBA-4C32-946C-374E49DCC703", "versionEndExcluding": "2019-11", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:nvflash:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7C96214-BEA4-4C93-8FE2-6EA6CC0A3340", "versionEndExcluding": "5.588.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:nvuflash:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C0B76F8-93FF-481F-9BF8-96BFC1A97108", "versionEndExcluding": "5.588.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service."}, {"lang": "es", "value": "NVIDIA NVFlash, NVUFlash Tool versiones anteriores a v5.588.0 y GPUModeSwitch Tool versiones anteriores a 2019-11, el controlador de modo kernel de NVIDIA (nvflash.sys, nvflsh32.sys y nvflsh64.sys) contiene una vulnerabilidad en la cual los usuarios autenticados con privilegios administrativos pueden conseguir acceso a la memoria del dispositivo y los registros de otros dispositivos no administrados por NVIDIA, lo que puede conllevar a una escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n o denegaci\u00f3n de servicio."}], "id": "CVE-2019-5688", "lastModified": "2024-11-21T04:45:21.007", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-18T18:15:10.057", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}