In a new security bulletin, NVIDIA revealed that its GeForce Experience software contained three vulnerabilities that could have led to denial of service, escalation of privileges, code execution, or information disclosure. Thankfully, these have all been patched already, but we’ve copied the details of each vulnerability below for those of you who are curious what components were affected and how they ranked in severity.
NVIDIA GeForce Experience is usually configured to update automatically, so users can simply launch the program for the software security update. The updated version is 3.20.5.70.
Vulnerabilities
| CVE IDs | Description | Base Score | Vector |
|---|---|---|---|
| CVE‑2020‑5977 | NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 8.2 | AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| CVE‑2020‑5990 | NVIDIA GeForce Experience contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure. | 7.3 | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE‑2020‑5978 | NVIDIA GeForce Experience contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges. | 3.2 | AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L |
“The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation,” the company explains. “NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.”
Security Updates
| CVE IDs Addressed | Software Product | Operating System | Affected Versions | Updated Version |
|---|---|---|---|---|
| CVE‑2020‑5977 CVE‑2020‑5978 CVE‑2020‑5990 | GeForce Experience | Windows | All versions prior to 3.20.5.70 | 3.20.5.70 |
If you don’t have GeForce Experience, you can grab that here. NVIDIA recently added a bunch of interesting features, like an enhanced in-game overlay, new performance panel with one-click automatic GPU tuning, and 8K HDR Shadowplay Recording.