CYBER NEWS

CVE‑2019‑5674: Flaw in NIVIDIA GeForce Experience for Windows

NVIDIA GeForce Experience for Windows has been found to contain a security vulnerability, CVE‑2019‑5674, that could allow local attackers to elevate privileges, trigger code execution, and carry out denial-of-service attacks.




Even though the vulnerability requires local user access, it could still be exploited remotely with the help of previously planted malicious tools on a system running the vulnerable NVIDIA GeForce Experience.

Related:
The flaws could lead to a range of attacks such as escalation of privilege, denial of service and information disclosure.
20 Vulnerabilities in Intel Graphics Driver for Windows (CVE-2018-12214).

More about CVE‑2019‑5674

According to the official description, the update that addresses the vulnerability fixes an issue that may lead to code execution, denial of service, or escalation of privileges. The flaw has a high secerity rating and an 8.8 base score.

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration”, the advisory says.

The bug was reported by Rhino Security Labs researcher David Yesland.

It should be noted that all GeForce Experience versions before version 3.18 are affected. More specifically, Windows systems running one of these versions along with enabled ShadowPlay, NvContainer, or GameStream are in danger of attacks.

If you have one of the vulnerable versions of NVIDIA GeForce Experience, you should download the latest version as soon as possible. To do so, go to GeForce Experience download page, where you can directly download the patched version.

In February, eight security issues were discovered (and patched) in the NVIDIA GPU Display Driver software, with one of the vulnerabilities affecting both Linux and Windows systems. The vulnerabilities could also lead to code execution, escalation of privileges, denial of service attacks, and information disclosure.

Related:
Eight security issues were discovered in the NVIDIA GPU Display Driver software, with one of the vulnerabilities affecting both Linux and Windows systems.
NVIDIA GPU Display Driver Needs Patching after Disclosure of 8 Issues.

In similarity to the current vulnerability, despite the vulnerabilities requiring local access, hackers could still exploit them with the help of malicious software installed on a system running the vulnerable driver. The vulnerabilities in question are CVE 2019 5665, CVE 2019 5666, CVE 2019 5667, CVE 2019 5668, CVE 2019 5669, CVE 2019 5670, CVE 2019 5671, CVE 2018 6260.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...