Plataforma
nvidia
Componente
nvidia-gpu-graphics-driver
CVE-2019-5671 is a denial-of-service (DoS) vulnerability affecting the NVIDIA GPU Graphics Driver. The flaw resides within the kernel mode layer (nvlddmkm.sys) and specifically concerns the handling of DxgkDdiEscape. Due to improper resource management, the driver fails to release a resource after its effective lifetime, potentially leading to system instability and crashes. This vulnerability impacts all versions of the NVIDIA GPU Graphics Driver.
An attacker exploiting CVE-2019-5671 can trigger a denial-of-service condition, effectively crashing the system. This occurs when the vulnerable DxgkDdiEscape handler fails to release a resource, leading to resource exhaustion and ultimately a system halt. The impact is significant as it can disrupt critical operations and potentially lead to data loss. While the vulnerability doesn't directly allow for code execution, the resulting system crash can be leveraged to cause further disruption or potentially mask other malicious activities. The blast radius is limited to the affected system, but widespread deployment of the driver increases the potential for impact.
CVE-2019-5671 was published on February 27, 2019. Public exploits are not widely available, and there are no reports of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on KEV or EPSS. Severity is pending evaluation by NIST.
Status do Exploit
EPSS
0.04% (percentil 14%)
The primary mitigation for CVE-2019-5671 is to upgrade to a patched version of the NVIDIA GPU Graphics Driver. NVIDIA released updates to address this vulnerability; consult the NVIDIA security advisories for specific driver versions containing the fix. If immediate patching is not possible, consider implementing temporary workarounds such as limiting access to the DxgkDdiEscape functionality or monitoring system resources for unusual behavior. After upgrading, confirm the fix by running a system stability test and verifying that the driver version is the patched version.
Actualice el controlador de la GPU NVIDIA a la última versión disponible desde el sitio web del fabricante o a través de Windows Update. Esto solucionará la vulnerabilidad de denegación de servicio en el controlador del modo kernel.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
It's a denial-of-service vulnerability in the NVIDIA GPU Graphics Driver caused by improper resource management, potentially leading to system crashes.
If you are using any version of the NVIDIA GPU Graphics Driver, you are potentially affected. Check your driver version against NVIDIA's security advisories.
Upgrade to the latest patched version of the NVIDIA GPU Graphics Driver. Consult NVIDIA's website for available updates.
There are currently no reports of active exploitation campaigns targeting this vulnerability.
Refer to the NVIDIA security advisories and the National Vulnerability Database (NVD) entry for CVE-2019-5671.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.