CVE-2019-5666
HIGHNVIDIA Windows GPU Display Driver - DoS or Privilege Escalation via Array Index Validation
Title source: llmDescription
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
Various Sources x_refsource_confirm
http://support.lenovo.com/us/en/solutions/LEN-26250
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-129
Status
published
Products (1)
nvidia/gpu_driver
Published
Feb 27, 2019
Tracked Since
Feb 18, 2026