- NVIDIA Geforce Experience software contains a vulnerability that could allow attackers to escalate privileges, conduct code execution, and perform Denial-of-Service (DoS) attacks.
- NVIDIA has released a security update to fix this vulnerability in the 3.18 version.
What is the issue - NVIDIA Geforce Experience software contains a vulnerability when ShadowPlay, NvContainer, or GameStream is enabled.
Why it matters - This vulnerability could allow attackers to escalate privileges, conduct code execution, and perform Denial-of-Service (DoS) attacks.
- This vulnerability tracked CVE‑2019‑5674 was reported by David Yesland, a security researcher from Rhino Security Labs.
- This vulnerability impacts all NVIDIA Geforce Experience versions prior to 3.18.
- This vulnerability has a high severity rating and an 8.8 base score from NVIDIA.
“The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration,” NVIDIA stated.
When opening a file, the NVIDIA Geforce Experience software does not check for hard links thereby allowing attackers to escalate privileges, perform code execution and DoS attacks.
NVIDIA has released a security update to fix this vulnerability in the 3.18 version. NVIDIA users are requested to update to the latest patched version 3.18 in order to stay protected from DoS attacks.