CVE-2019-5694
MEDIUMNVIDIA Windows GPU Display Driver R390 - Uncontrolled Search Path Element in NVIDIA Control Panel
Title source: llmDescription
NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://nvidia.custhelp.com/app/answers/detail/a_id/4907
Exploit, Third Party Advisory x_refsource_misc
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695
Scores
CVSS v3
6.5
EPSS
0.0019
EPSS Percentile
40.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
nvidia/gpu_driver
Published
Nov 09, 2019
Tracked Since
Feb 18, 2026