CVE-2019-5695
MEDIUMNVIDIA GeForce Experience < 3.20.1 and GPU Driver - DLL Preloading via Unvalidated Path
Title source: llmDescription
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4907
Patch, Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4860
Exploit, Third Party Advisory x_refsource_misc
https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695
Scores
CVSS v3
6.5
EPSS
0.0006
EPSS Percentile
18.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (2)
nvidia/geforce_experience
< 3.20.1
nvidia/gpu_driver
Published
Nov 12, 2019
Tracked Since
Feb 18, 2026