Vulnerabilities > CVE-2019-5684 - Out-of-bounds Write vulnerability in Nvidia GPU Driver

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

nvidia

microsoft

CWE-787

critical

nessus

NVD

Published: 2019-08-06

Updated: 2019-08-13

Summary

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.

Vulnerable Configurations

Part	Description	Count
Application	Nvidia Nvidia GPU Driver *	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	Misc.
NASL id	VMWARE_ESXI_VMSA-2019-0012.NASL
description	The remote VMware ESXi host is version 6.5 or 6.7 and is affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	128035
published	2019-08-20
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128035
title	ESXi 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2019-0012)
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(128035); script_version("1.2"); script_cvs_date("Date: 2019/10/17 14:31:04"); script_cve_id("CVE-2019-5521", "CVE-2019-5684"); script_bugtraq_id(93287); script_xref(name:"VMSA", value:"2019-0012"); script_xref(name:"IAVA", value:"2019-A-0278"); script_name(english:"ESXi 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2019-0012)"); script_summary(english:"Checks the ESXi version and build number."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESXi host is missing a security patch and is affected by pixel shader out-of-bounds read/write vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote VMware ESXi host is version 6.5 or 6.7 and is affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2019-0012.html"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch as referenced in the vendor advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5684"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/02"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release", "Settings/ParanoidReport"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); if (report_paranoia < 2) audit(AUDIT_PARANOID); fixes = make_array( '6.5', '13932383', '6.7', '13981272' ); rel = get_kb_item_or_exit('Host/VMware/release'); if ('ESXi' >!< rel) audit(AUDIT_OS_NOT, 'ESXi'); ver = get_kb_item_or_exit('Host/VMware/version'); match = pregmatch(pattern:'^ESXi? ([0-9]+\\.[0-9]+).$', string:ver); if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, 'VMware ESXi', '6.5 / 6.7'); ver = match[1]; if (ver !~ '^6\\.(5\|7)$') audit(AUDIT_OS_NOT, 'ESXi 6.5 / 6.7'); fixed_build = int(fixes[ver]); if (empty_or_null(fixed_build)) audit(AUDIT_VER_FORMAT, ver); match = pregmatch(pattern:'^VMware ESXi.build-([0-9]+)$', string:rel); if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, 'VMware ESXi', '6.5 / 6.7'); build = int(match[1]); if (!(build < fixed_build)) audit(AUDIT_INST_VER_NOT_VULN, 'VMware ESXi', ver + ' build ' + build); report = '\n ESXi version : ' + ver + '\n Installed build : ' + build + '\n Fixed build : ' + fixed_build + '\n'; security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);

NASL family	Windows
NASL id	VMWARE_WORKSTATION_WIN_VMSA_2019_0012.NASL
description	The version of VMware Workstation installed on the remote Windows host is 14.0.x prior to 14.1.6 or 15.0.x prior to 15.0.3. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127138
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127138
title	VMware Workstation 14.0.x < 14.1.6 / 15.0.x < 15.0.3 Pixel Shader out-of-bounds read/write vulnerabilities (VMSA-2019-0012)

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2019-0012.NASL
description	Pixel shader vulnerabilities VMware ESXi, Workstation and Fusion contain out-of-bounds read/write vulnerabilities in the pixel shader functionality. Exploitation of these issues require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. Successful exploitation of the out-of-bounds read issue (CVE-2019-5521) may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. The out-of-bounds write issue (CVE-2019-5684) can be exploited only if the host has an affected NVIDIA graphics driver. Successful exploitation of this issue may lead to code execution on the host. Customers should check NVIDIA security advisory for additional information.
last seen	2020-06-01
modified	2020-06-02
plugin id	127807
published	2019-08-12
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127807
title	VMSA-2019-0012 : Out-of-bounds pixel shader vulnerabilities

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FUSION_VMSA_2019_0012.NASL
description	The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.0.x prior to 10.1.6 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127135
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127135
title	VMware Fusion 10.0.x < 10.1.6 / 11.0.x < 11.0.3 Pixel Shader out-of-bounds read/write vulnerabilities (VMSA-2019-0012)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References