Main Vulnerability Database SB2019080645

SB2019080645 - Windows Hard Link in NVIDIA Windows GPU Display Driver

Published: August 6, 2019 Updated: August 8, 2019

Security Bulletin ID SB2019080645

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Windows Hard Link (CVE-ID: CVE-2019-5683)

The vulnerability allows a local attacker to cause the software to operate on unauthorized files.

The vulnerability exists due to the usage of hard link in the user mode video driver trace logger component. A local authenticated attacker with the access to the system can create a hard link, the software does not check for hard link attacks.

This behavior may lead to code execution, denial of service, or escalation of privileges.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/4841