NVIDIA patches critical vulnerability that could allow attackers to perform DoS attacks

• NVIDIA Geforce Experience software contains a vulnerability that could allow attackers to escalate privileges, conduct code execution, and perform Denial-of-Service (DoS) attacks.
• NVIDIA has released a security update to fix this vulnerability in the 3.18 version.

What is the issue - NVIDIA Geforce Experience software contains a vulnerability when ShadowPlay, NvContainer, or GameStream is enabled.

Why it matters - This vulnerability could allow attackers to escalate privileges, conduct code execution, and perform Denial-of-Service (DoS) attacks.

Worth noting

• This vulnerability tracked CVE‑2019‑5674 was reported by David Yesland, a security researcher from Rhino Security Labs.
• This vulnerability impacts all NVIDIA Geforce Experience versions prior to 3.18.
• This vulnerability has a high severity rating and an 8.8 base score from NVIDIA.

“The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration,” NVIDIA stated.

Patch available

When opening a file, the NVIDIA Geforce Experience software does not check for hard links thereby allowing attackers to escalate privileges, perform code execution and DoS attacks.

NVIDIA has released a security update to fix this vulnerability in the 3.18 version. NVIDIA users are requested to update to the latest patched version 3.18 in order to stay protected from DoS attacks.