CVE-2019-5688

MEDIUM

Nvidia Gpumodeswitch < 2019-11 - Denial of Service

Title source: rule

Description

NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service.

Exploits (1)

nomisec WORKING POC 2 stars

by watsa01 · poc

https://github.com/watsa01/CVE-2019-5688

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://nvidia.custhelp.com/app/answers/detail/a_id/4928

Scores

CVSS v3 6.7

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (3)

nvidia/gpumodeswitch < 2019-11

nvidia/nvflash < 5.588.0

nvidia/nvuflash < 5.588.0

Published Nov 18, 2019

Tracked Since Feb 18, 2026