Vulnerability-Lookup

CNVD-2019-41657

Vulnerability from cnvd - Published: 2019-11-21

Title

NVIDIA GPUModeSwitch Tool和NVIDIA NVFlash存在未明漏洞

Description

NVIDIA NVFlash和GPUModeSwitch Tool都是美国英伟达（NVIDIA）公司的产品。NVIDIA NVFlash是一款用于NVIDIA显卡BIOS固件刷新的工具。GPUModeSwitch Tool是一款NVIDIA GPU模式更改实用程序。 NVIDIA GPUModeSwitch Tool和NVIDIA NVFlash存在安全漏洞，攻击者可利用该漏洞导致权限升级，信息泄露或拒绝服务。

Severity

高

Patch Name

NVIDIA GPUModeSwitch Tool和NVIDIA NVFlash存在未明漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://nvidia.custhelp.com/app/answers/detail/a_id/4928

Reference

https://support.lenovo.com/us/en/product_security/LEN-29419

Impacted products

Name
['NVIDIA NVFlash', 'NVIDIA NVUFlash <5.588.0', 'NVIDIA GPUModeSwitch <2019-11']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5688",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5688"
    }
  },
  "description": "NVIDIA NVFlash\u548cGPUModeSwitch Tool\u90fd\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NVIDIA NVFlash\u662f\u4e00\u6b3e\u7528\u4e8eNVIDIA\u663e\u5361BIOS\u56fa\u4ef6\u5237\u65b0\u7684\u5de5\u5177\u3002GPUModeSwitch Tool\u662f\u4e00\u6b3eNVIDIA GPU\u6a21\u5f0f\u66f4\u6539\u5b9e\u7528\u7a0b\u5e8f\u3002\n\nNVIDIA GPUModeSwitch Tool\u548cNVIDIA NVFlash\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6743\u9650\u5347\u7ea7\uff0c\u4fe1\u606f\u6cc4\u9732\u6216\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/4928",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41657",
  "openTime": "2019-11-21",
  "patchDescription": "NVIDIA NVFlash\u548cGPUModeSwitch Tool\u90fd\u662f\u7f8e\u56fd\u82f1\u4f1f\u8fbe\uff08NVIDIA\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002NVIDIA NVFlash\u662f\u4e00\u6b3e\u7528\u4e8eNVIDIA\u663e\u5361BIOS\u56fa\u4ef6\u5237\u65b0\u7684\u5de5\u5177\u3002GPUModeSwitch Tool\u662f\u4e00\u6b3eNVIDIA GPU\u6a21\u5f0f\u66f4\u6539\u5b9e\u7528\u7a0b\u5e8f\u3002\r\n\r\nNVIDIA GPUModeSwitch Tool\u548cNVIDIA NVFlash\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6743\u9650\u5347\u7ea7\uff0c\u4fe1\u606f\u6cc4\u9732\u6216\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NVIDIA GPUModeSwitch Tool\u548cNVIDIA NVFlash\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NVIDIA NVFlash",
      "NVIDIA NVUFlash \u003c5.588.0",
      "NVIDIA GPUModeSwitch \u003c2019-11"
    ]
  },
  "referenceLink": "https://support.lenovo.com/us/en/product_security/LEN-29419",
  "serverity": "\u9ad8",
  "submitTime": "2019-11-12",
  "title": "NVIDIA GPUModeSwitch Tool\u548cNVIDIA NVFlash\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2019-5688 (GCVE-0-2019-5688)

Vulnerability from cvelistv5 – Published: 2019-11-18 17:33 – Updated: 2024-08-04 20:01

Summary

NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service.

Severity ?

No CVSS data available.

CWE

escalation of privileges, information disclosure, denial of service.

Assigner

nvidia

References

URL

Tags

https://nvidia.custhelp.com/app/answers/detail/a_…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	NVIDIA	NVIDIA NVFlash, NVUFlash, GPUModeSwitch Tool	Affected: NVFlash Affected: NVUFlash prior to v5.588.0 Affected: GPUModeSwitch prior to 2019-11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:52.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NVIDIA NVFlash, NVUFlash, GPUModeSwitch Tool",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "NVFlash"
            },
            {
              "status": "affected",
              "version": "NVUFlash prior to v5.588.0"
            },
            {
              "status": "affected",
              "version": "GPUModeSwitch prior to 2019-11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privileges, information disclosure, denial of service.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-18T17:33:35",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2019-5688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NVIDIA NVFlash, NVUFlash, GPUModeSwitch Tool",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "NVFlash"
                          },
                          {
                            "version_value": "NVUFlash prior to v5.588.0"
                          },
                          {
                            "version_value": "GPUModeSwitch prior to 2019-11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NVIDIA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "escalation of privileges, information disclosure, denial of service."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928",
              "refsource": "MISC",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4928"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2019-5688",
    "datePublished": "2019-11-18T17:33:35",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-08-04T20:01:52.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-41657

CVE-2019-5688 (GCVE-0-2019-5688)

Tags

Sightings

Nomenclature