Image: NVIDIA

In a new security bulletin, NVIDIA revealed that its GeForce Experience software contained three vulnerabilities that could have led to denial of service, escalation of privileges, code execution, or information disclosure. Thankfully, these have all been patched already, but we’ve copied the details of each vulnerability below for those of you who are curious what components were affected and how they ranked in severity.

NVIDIA GeForce Experience is usually configured to update automatically, so users can simply launch the program for the software security update. The updated version is 3.20.5.70.

Vulnerabilities

CVE IDsDescriptionBase ScoreVector
CVE‑2020‑5977NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.8.2AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE‑2020‑5990NVIDIA GeForce Experience contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.7.3AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE‑2020‑5978NVIDIA GeForce Experience contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.3.2AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

“The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation,” the company explains. “NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.”

Security Updates

CVE IDs AddressedSoftware ProductOperating SystemAffected VersionsUpdated Version
CVE‑2020‑5977
CVE‑2020‑5978
CVE‑2020‑5990
GeForce ExperienceWindowsAll versions prior to 3.20.5.703.20.5.70

If you don’t have GeForce Experience, you can grab that here. NVIDIA recently added a bunch of interesting features, like an enhanced in-game overlay, new performance panel with one-click automatic GPU tuning, and 8K HDR Shadowplay Recording.

Don’t Miss Out on More FPS Review Content!

Our weekly newsletter includes a recap of our reviews and a run down of the most popular tech news that we published.

Join the Conversation

2 Comments

  1. I don’t use GeForce Experience anyways. Although I really wish there was a way to access ShadowPlay without it.

Leave a comment