Security News > 2020 > October > NVIDIA patches high severity GeForce Experience vulnerabilities

NVIDIA patches high severity GeForce Experience vulnerabilities
2020-10-22 19:01

NVIDIA released a security update for the Windows NVIDIA GeForce Experience app to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service state on systems running unpatched software.

The three vulnerabilities fixed in the October 2020 security update are detailed below, together with full descriptions and the CVSS V3 base score assigned by NVIDIA. CVE IDs Description Base Score CVE‑2020‑5977 NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

8.2 CVE‑2020‑5990 NVIDIA GeForce Experience contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service, or information disclosure.

The vulnerabilities impact only computers running Windows and NVIDIA GeForce Experience versions before 3.20.5.70, the version that comes with fixes for the three bugs.

In July, NVIDIA fixed another security flaw in all GeForce Experience versions prior to 3.20.4 which could lead to code execution, denial of service, or escalation of privileges.


News URL

https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-geforce-experience-vulnerabilities/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nvidia 239 12 178 319 15 524