Recently, NVIDIA has fixed numerous security vulnerabilities in its GeForce Experience software and GPU Display Driver. Users should ensure updating their devices to the patched versions to stay protected.
NVIDIA GeForce Experience Vulnerabilities
As revealed in an advisory, there existed at least three different security flaws in NVIDIA GeForce Experience. NVIDIA came to know of these vulnerabilities through different security researchers from ACTIVELabs, Chengdu University of Technology, and SafeBreach Labs.
The first of these vulnerabilities, CVE‑2019‑5701, could let an attacker load Intel graphics driver DLLs without signature or path validation. Anyone with local access to the system with GameStream active could exploit the flaw. As a result, the attacker could trigger information disclosure, denial of service, or code execution to elevate privileges.
The second vulnerability CVE‑2019‑5689 existed in the Downloader component that allowed an attacker with local access to download and save malicious files. Whereas, the third vulnerability, CVE‑2019‑5695, affected the local service provider component, allowing an attacker to load Windows system DLLs without path or signature validation.
Both vulnerabilities also required an attacker to have local access to the system. Moreover, both flaws could lead to information disclosure, denial of service, or code execution.
These three vulnerabilities allegedly affected all previous versions of GeForce Experience. Following the reports, NVIDIA patched the flaws with the release of GeForce Experience version 3.20.1.
NVIDIA GPU Driver Vulnerabilities
In another advisory, NVIDIA also disclosed numerous vulnerabilities affecting the NVIDIA GPU driver and software.
Specifically, the vendors patched six different vulnerabilities in the NVIDIA Windows GPU Display Driver. Of these, two security flaws (CVE‑2019‑5690 and CVE‑2019‑5691) achieved a CVSS base score of 7.8. Upon exploit, the flaws could lead to privilege escalation or denial of service.
Moreover, NVIDIA also released fixes for three vulnerabilities CVE‑2019‑5696, CVE‑2019‑5697, and CVE‑2019‑5698 in NVIDIA vGPU Software
The vendors have acknowledged Peleg Hadar of SafeBreach Labs for discovering and reporting the bugs CVE-2019-5694 and CVE-2019-5695.
Let us know your thoughts in the comments.