Critical Vulnerability Patched In NVIDIA GeForce Experience posed a severe threat to the gamers
By MYBRANDBOOK
A serious vulnerability in NVIDIA GeForce Experience posed a severe threat to the gamers. More specifically, the software vulnerability threatened users of Windows systems.
Reportedly, researcher, David Yesland from Rhino Security Labs, discovered a serious security flaw in NVIDIA GeForce Experience software. According to his findings, exploiting the vulnerability could lead to denial of service, privilege escalation, and even code execution. GeForce Experience is a supplementary application by NVIDIA installed alongside GeForce products for automatic game settings optimization and added functionality.
The researcher has shared his findings in a detailed blog post. As disclosed by Yesland, he observed an arbitrary file write vulnerability affecting the system. Describing in brief about the bug, he stated,
“This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potentially privilege escalation.”
Yesland has explained the technicalities associated with this flaw in his blog post. He has also demonstrated a detailed PoC in his blog post alongside a basic brief on Github.
NVIDIA Patched The Flaw
NVIDIA has also acknowledged Yesland’s findings for the vulnerability CVE‑2019‑5674. Explaining this vulnerability in their security advisory, they stated,
“NVIDIA GeForce Experience contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.”
The vendors labeled it a high severity bug that achieved a CVSS base score of 8.8. As explained, the vulnerability affected all GeForce Experience software versions prior to 3.18 for Windows Operating system. NVIDIA has fixed the bug in the software version 3.18. Thus, the users must ensure upgrading their devices to the latest version to avoid potential threats.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
Technology Icons Of India 2023: Honorary Prof. N. Balakrishnan
Prof. N. Balakrishnan is an Indian aerospace and computer scientist. H...
Technology Icons Of India 2023: Sunil Bharti Mittal
Sunil Bharti Mittal is the Founder and Chairman of Bharti Enterprises,...
Technology Icons Of India 2023: Dr. P D Vaghela
Dr PD Vaghela serves as the Chairperson of Telecommunications Regulato...
PGCIL transforming India with its wide power transmission network
Engaged in power transmission, POWERGRID or PGCIL is a stated owned In...
ITI Limited widening its focus area
ITI Limited is a public sector undertaking company, has manufacturing ...
NIC bridging the digital divide and supporting government in eGovernance
The National Informatics Centre (NIC) is an Indian government departme...
REDINGTON INDIA LIMITED
Redington (India) Limited operates in the IT product distribution busi...
SUPERTRON ELECTRONICS PVT. LTD.
Supertron deals in servers, laptops, components, accessories and is a...
BEETEL TELETECH LTD.
: Beetel is one of the oldest and most reputed brands in the Industry,...