NVIDIA Address Three Potential Vulnerabilities in GeForce Experience

The FPS Review may receive a commission if you purchase something after clicking a link in this article.


NVIDIA GeForce Experience users who haven’t updated their software recently may want to do that straight away. According to a new security bulletin posted on NVIDIA’s official support site, GeForce Experience has received a new software security update that addresses three potential vulnerabilities, including one with a base score of 8.2 that could lead to data tampering. NVIDIA has thanked Minse Kim of DNSLab (Defensible Networked Systems Lab., Korea University) for discovering two of these vulnerabilities in its GeForce Experience software, which serves as a portal for keeping GeForce drivers up to date, optimizing game settings, and more.

From an NVIDIA Support post:

NVIDIA has released a software security update for NVIDIA GeForce Experience software. This update addresses issues that may lead to code execution, information disclosure, data tampering, and denial of service.

To protect your system, download and install this software update through the GeForce Experience Downloads page, or open the client to automatically apply the security update.

Vulnerabilities Addressed

CVE IDDescriptionBase ScoreVector
CVE‑2022‑42291NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.8.2AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
CVE‑2022‑31611NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.6.8AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
CVE‑2022‑42292NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.5.0AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H

NVIDIA Software Products Affected

CVE IDs AddressedSoftware ProductOperating SystemAffected VersionsUpdated Version
GeForce ExperienceWindowsAll versions prior to

Join the discussion in our forums...

Tsing Mui
News poster at The FPS Review.

Recent News