NVIDIA has recently fixed a serious vulnerability in GeForce Experience (GFE). Exploiting the flaw could have allowed an attacker with local access to target Windows systems.
NVIDIA GeForce Experience Vulnerability
Reportedly, NVIDIA has disclosed a serious vulnerability affecting its NVIDIA GeForce Experience (GFE) app for Windows. Exploiting the vulnerability could have allowed an attacker to trigger a denial of service on the target device or gain elevated privileges on the machine.
To trigger the flaw, an attacker needed local user access to the device. The bug cannot be exploited remotely unless the attacker has dropped malicious payloads on vulnerable devices.
Elaborating on the details in an advisory, NVIDIA revealed that the vulnerability, CVE‑2019‑5702, received a CVSS base score of 8.4. Describing the vulnerability, the advisory stated,
NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
The flaw came to NVIDIA's attention after a researcher with the alias RyotaK observed the issue.
Patch Rolled Out – Update Now
After detecting the vulnerability, NVIDIA worked on a fix to address the bug, which affected all versions prior to 3.20.2. NVIDIA also explained,
Earlier software branch releases that support this product are also affected. If you are using an earlier branch release, upgrade to the latest branch release.
Users must ensure that they update their devices to the latest patched version, that is, v.3.20.2.
This year, NVIDIA has patched numerous bugs affecting its products. In March 2019, a researcher found a critical security vulnerability in GeForce Experience that could result in DoS, privilege escalation, or even code execution.
Then, apart from other security updates in GeForce Experience, NVIDIA patched multiple vulnerabilities in its GPU driver as well in November.
Let us know your thoughts in the comments.