cnvd - cnvd-2019-41650

cnvd-2019-41650

Vulnerability from cnvd

Title: NVIDIA GeForce Experience local service provider组件存在未明漏洞

Description:

NVIDIA Windows GPU Display Driver和NVIDIA GeForce Experience都是美国英伟达（NVIDIA）公司的产品。NVIDIA Windows GPU Display Driver是一款专用于Windows平台的图形处理器（GPU）显卡驱动程序。NVIDIA GeForce Experience是一套显卡自动更新工具.该产品能够自动更新显卡驱动程序，并支持显卡性能管理和优化等。

NVIDIA Windows GPU Display Driver和NVIDIA GeForce Experience中的local service provider组件存在安全漏洞，该漏洞源于程序未能验证路径或签名就直接加载Windows系统的DLLs，攻击者可利用该漏洞造成拒绝服务或泄露信息。

Severity: 中

Patch Name: NVIDIA GeForce Experience local service provider组件存在未明漏洞的补丁

Patch Description:

NVIDIA Windows GPU Display Driver和NVIDIA GeForce Experience中的local service provider组件存在安全漏洞，该漏洞源于程序未能验证路径或签名就直接加载Windows系统的DLLs，攻击者可利用该漏洞造成拒绝服务或泄露信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://nvidia.custhelp.com/app/answers/detail/a_id/4860

Reference: https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695 https://support.lenovo.com/us/en/product_security/LEN-29419

Impacted products

Name
['NVIDIA Windows GPU Display Driver', 'NVIDIA GeForce Experience']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5695",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5695"
    }
  },
  "description": "NVIDIA Windows GPU Display Driver\u548cNVIDIA GeForce Experience\u90fd\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NVIDIA Windows GPU Display Driver\u662f\u4e00\u6b3e\u4e13\u7528\u4e8eWindows\u5e73\u53f0\u7684\u56fe\u5f62\u5904\u7406\u5668\uff08GPU\uff09\u663e\u5361\u9a71\u52a8\u7a0b\u5e8f\u3002NVIDIA GeForce Experience\u662f\u4e00\u5957\u663e\u5361\u81ea\u52a8\u66f4\u65b0\u5de5\u5177.\u8be5\u4ea7\u54c1\u80fd\u591f\u81ea\u52a8\u66f4\u65b0\u663e\u5361\u9a71\u52a8\u7a0b\u5e8f\uff0c\u5e76\u652f\u6301\u663e\u5361\u6027\u80fd\u7ba1\u7406\u548c\u4f18\u5316\u7b49\u3002\n\nNVIDIA Windows GPU Display Driver\u548cNVIDIA GeForce Experience\u4e2d\u7684local service provider\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9a8c\u8bc1\u8def\u5f84\u6216\u7b7e\u540d\u5c31\u76f4\u63a5\u52a0\u8f7dWindows\u7cfb\u7edf\u7684DLLs\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u6cc4\u9732\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/4860",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41650",
  "openTime": "2019-11-21",
  "patchDescription": "NVIDIA Windows GPU Display Driver\u548cNVIDIA GeForce Experience\u90fd\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NVIDIA Windows GPU Display Driver\u662f\u4e00\u6b3e\u4e13\u7528\u4e8eWindows\u5e73\u53f0\u7684\u56fe\u5f62\u5904\u7406\u5668\uff08GPU\uff09\u663e\u5361\u9a71\u52a8\u7a0b\u5e8f\u3002NVIDIA GeForce Experience\u662f\u4e00\u5957\u663e\u5361\u81ea\u52a8\u66f4\u65b0\u5de5\u5177.\u8be5\u4ea7\u54c1\u80fd\u591f\u81ea\u52a8\u66f4\u65b0\u663e\u5361\u9a71\u52a8\u7a0b\u5e8f\uff0c\u5e76\u652f\u6301\u663e\u5361\u6027\u80fd\u7ba1\u7406\u548c\u4f18\u5316\u7b49\u3002\r\n\r\nNVIDIA Windows GPU Display Driver\u548cNVIDIA GeForce Experience\u4e2d\u7684local service provider\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9a8c\u8bc1\u8def\u5f84\u6216\u7b7e\u540d\u5c31\u76f4\u63a5\u52a0\u8f7dWindows\u7cfb\u7edf\u7684DLLs\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NVIDIA GeForce Experience local service provider\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NVIDIA Windows GPU Display Driver",
      "NVIDIA GeForce Experience"
    ]
  },
  "referenceLink": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695\r\nhttps://support.lenovo.com/us/en/product_security/LEN-29419",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-08",
  "title": "NVIDIA GeForce Experience local service provider\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2019-5695 (GCVE-0-2019-5695)

Vulnerability from cvelistv5

Published

2019-11-12 20:14

Modified

2024-08-04 20:01

Severity ?

CWE

denial of service or information disclosure through code execution

Summary

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

References

▼	URL	Tags
	https://nvidia.custhelp.com/app/answers/detail/a_id/4907	x_refsource_CONFIRM
	https://nvidia.custhelp.com/app/answers/detail/a_id/4860	x_refsource_CONFIRM
	https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

NVIDIA

NVIDIA GeForce Experience

Version: prior to 3.20.1

NVIDIA

NVIDIA Windows GPU Display Driver

Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:52.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NVIDIA GeForce Experience",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 3.20.1"
            }
          ]
        },
        {
          "product": "NVIDIA Windows GPU Display Driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service or information disclosure through code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-18T18:28:04",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2019-5695",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NVIDIA GeForce Experience",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 3.20.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "NVIDIA Windows GPU Display Driver",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NVIDIA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service or information disclosure through code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907",
              "refsource": "CONFIRM",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4907"
            },
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860",
              "refsource": "CONFIRM",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4860"
            },
            {
              "name": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695",
              "refsource": "MISC",
              "url": "https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2019-5695",
    "datePublished": "2019-11-12T20:14:54",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-08-04T20:01:52.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted