CVE-2019-5684

10.0 CRITICAL

📋 TL;DR

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to cause out-of-bounds memory access in texture arrays. Attackers could exploit this to cause denial of service or potentially execute arbitrary code. All Windows systems with NVIDIA GPU drivers are affected.

💻 Affected Systems

Products:
  • NVIDIA Windows GPU Display Driver
Versions: All versions prior to patched releases
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all NVIDIA GPU drivers on Windows systems; specific patch versions vary by GPU model

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with kernel-level code execution leading to complete system control
🟠 Likely Case: System crashes, blue screens, or application instability leading to denial of service
🟢 If Mitigated: Limited to application crashes if proper sandboxing and driver isolation are in place

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious content but could be delivered via web-based vectors
🏢 Internal Only: HIGH - Malicious applications or compromised users could exploit this locally

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user to run malicious DirectX shader content; proof-of-concept details are publicly available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by GPU model - check NVIDIA security bulletin for specific version

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/4841

Restart Required: Yes

Instructions:

1. Visit NVIDIA driver download page
2. Select your GPU model and Windows version
3. Download and install latest driver
4. Restart system

🔧 Temporary Workarounds

  • Disable DirectX shader execution (Windows): Prevent execution of potentially malicious DirectX shaders
  • Application sandboxing (Windows): Run graphics applications in isolated environments

🧯 If You Can't Patch

  • Restrict user access to untrusted applications and content
  • Implement application allowlisting to prevent execution of unknown programs

🔍 How to Verify

Check if Vulnerable:

Check NVIDIA driver version in Device Manager > Display adapters > Properties > Driver tab

Check Version:

nvidia-smi (if installed) or check in Device Manager

Verify Fix Applied:

Verify driver version matches or exceeds patched version from NVIDIA advisory

📡 Detection & Monitoring

Log Indicators:

  • System crashes, blue screen events, driver failure logs in Windows Event Viewer

Network Indicators:

  • Unusual network traffic from graphics applications

SIEM Query:

EventID=1001 OR EventID=41 OR (Source='nvlddmkm' AND (Level=2 OR Level=1))
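
The driver version check from "How to Verify" and the nvlddmkm log indicator above, combined into one PowerShell script. This is an added example, not code from NVIDIA or from the original page. `$MinimumPatched` is a placeholder that must be replaced with the patched version the NVIDIA advisory lists for your GPU, and the `Convert-ToNvidiaVersion` helper name and `$LookbackDays` parameter are hypothetical.

```powershell
# Added example. $MinimumPatched is a PLACEHOLDER: replace it with the patched
# version listed for your GPU in the NVIDIA advisory before relying on the result.
param(
    [version]$MinimumPatched = '999.99',   # placeholder, not a real driver version
    [int]$LookbackDays = 7                 # assumed review window for log events
)

function Convert-ToNvidiaVersion {
    param([string]$WindowsDriverVersion)
    # Windows reports e.g. 26.21.14.3160. The NVIDIA release number is the
    # last five digits with the dots removed: "43160" -> 431.60.
    $digits = $WindowsDriverVersion -replace '\.', ''
    if ($digits.Length -lt 5) { return $null }
    $tail = $digits.Substring($digits.Length - 5)
    [version]('{0}.{1}' -f $tail.Substring(0, 3), $tail.Substring(3, 2))
}

# All NVIDIA display adapters on this host (a system may have more than one).
$adapters = Get-CimInstance Win32_VideoController |
    Where-Object { $_.Name -match 'NVIDIA' }

# Critical (1) and Error (2) events from the NVIDIA kernel-mode driver.
# Errors are suppressed because "no events found" is reported as an error.
$since = (Get-Date).AddDays(-$LookbackDays)
$driverErrors = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'nvlddmkm'
        Level        = 1, 2
        StartTime    = $since
    } -ErrorAction SilentlyContinue)

foreach ($adapter in $adapters) {
    $nv = Convert-ToNvidiaVersion $adapter.DriverVersion
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        Adapter            = $adapter.Name
        WindowsVersion     = $adapter.DriverVersion
        NvidiaVersion      = $nv
        # False when the version cannot be parsed, so unknowns are flagged.
        MeetsMinimum       = ($null -ne $nv -and $nv -ge $MinimumPatched)
        RecentDriverErrors = $driverErrors.Count
    }
}
```

With the placeholder left unchanged, every adapter reports `MeetsMinimum = False`, so a host is never marked as patched by accident.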
