CVE-2019-5694

MEDIUM

Nvidia Gpu Driver - Uncontrolled Search Path

Title source: rule

Description

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.

References (2)

[Patch, Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/4907

[Exploit, Third Party Advisory] https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695

Scores

CVSS v3 6.5

EPSS 0.0019

EPSS Percentile 41.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

nvidia/gpu_driver

Timeline

Published Nov 09, 2019

Tracked Since Feb 18, 2026