Plateforme
nvidia
Composant
nvidia-gpu-graphics-driver
CVE-2019-5668 is a security vulnerability affecting the NVIDIA Windows GPU Display Driver. It resides within the kernel-mode layer (nvlddmkm.sys) specifically in the DxgkDdiSubmitCommandVirtual handler. This flaw allows an attacker to potentially trigger a denial of service or escalate privileges by exploiting a NULL pointer dereference. All versions of the NVIDIA Windows GPU Display Driver are affected, and a fix is pending.
The vulnerability in CVE-2019-5668 stems from the DxgkDdiSubmitCommandVirtual handler within nvlddmkm.sys. An attacker can craft malicious input that causes the driver to attempt to dereference a NULL pointer. This can lead to a denial of service (DoS) condition, where the GPU driver crashes, rendering the GPU unusable. Privilege escalation is also possible, allowing an attacker to gain elevated privileges on the system. The impact is significant, as a compromised GPU driver can disrupt system operations and potentially allow for further exploitation.
CVE-2019-5668 was published on February 27, 2019. The vulnerability's severity is pending evaluation. No public exploits or proof-of-concept code have been publicly disclosed as of this writing. It is not currently listed on KEV or EPSS. Active campaigns exploiting this vulnerability are not known, but the potential for privilege escalation and DoS warrants careful monitoring.
Statut de l'Exploit
EPSS
0.04% (percentile 13%)
The primary mitigation for CVE-2019-5668 is to update to a patched version of the NVIDIA Windows GPU Display Driver. NVIDIA has not released specific fixed versions as of the publication date, so monitoring NVIDIA’s security advisories is crucial. As a temporary workaround, consider implementing strict input validation on any data passed to the DxgkDdiSubmitCommandVirtual function. WAFs and proxies are unlikely to be effective against this kernel-level vulnerability. After upgrading the driver, confirm the fix by running a memory integrity check and verifying system stability under load.
Actualice el controlador de la GPU NVIDIA a la última versión disponible desde el sitio web del fabricante o a través de Windows Update. Esto solucionará la vulnerabilidad en el controlador del modo kernel (nvlddmkm.sys).
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
It's a vulnerability in the NVIDIA Windows GPU Display Driver that can lead to denial of service or privilege escalation due to a NULL pointer dereference.
If you are using any version of the NVIDIA Windows GPU Display Driver, you are potentially affected. Check NVIDIA's website for updated drivers.
Update to the latest patched version of the NVIDIA Windows GPU Display Driver. Monitor NVIDIA's security advisories for release information.
No active campaigns exploiting this vulnerability are currently known, but it's important to apply the patch as soon as possible.
Refer to the NVIDIA security advisory and the National Vulnerability Database (NVD) entry for CVE-2019-5668 for more details.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.