Vulnerabilities > Nvidia > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-09 CVE-2019-5694 Uncontrolled Search Path Element vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
local
low complexity
nvidia CWE-427
6.5
2019-11-09 CVE-2019-5693 Access of Uninitialized Pointer vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service.
local
low complexity
nvidia CWE-824
5.5
2019-08-06 CVE-2019-5686 Unspecified vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.
local
low complexity
nvidia
5.5
2019-07-19 CVE-2019-5680 Improper Input Validation vulnerability in Nvidia Jetson TX1 Firmware 24.2.2/28.1
In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges.
local
low complexity
nvidia CWE-20
6.7
2019-05-10 CVE-2019-5677 Out-of-bounds Read vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service.
local
low complexity
nvidia CWE-125
5.5
2019-05-10 CVE-2019-5676 Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience and GPU Display Driver
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
local
low complexity
nvidia CWE-427
6.7
2019-04-12 CVE-2018-6239 Information Exposure vulnerability in Nvidia Jetson TX2 R28.1/R28.2.1
NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure.
local
low complexity
nvidia CWE-200
5.5
2019-04-11 CVE-2019-5673 Improper Check for Unusual or Exceptional Conditions vulnerability in Nvidia Jetson TX2 R28.1/R28.2.1
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service.
local
low complexity
nvidia CWE-754
6.1
2019-04-01 CVE-2018-3979 Resource Exhaustion vulnerability in multiple products
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution.
network
low complexity
canonical nvidia CWE-400
6.5
2019-02-27 CVE-2019-5671 Missing Release of Resource after Effective Lifetime vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service.
local
low complexity
nvidia CWE-772
5.5