NVIDIA has released a security update for the Windows NVIDIA GeForce Experience (GFE) application to address vulnerabilities that could allow attackers to execute arbitrary code, escalate privileges, gain access to sensitive information, or cause a denial of service on affected systems.
NVIDIA GFE is a GeForce GTX graphics card utility that "updates drivers, automatically optimizes your game settings and gives you the easiest way to share your greatest gaming moments with your friends," according to NVIDIA.
While these bugs require local user access and cannot be exploited remotely, attackers can still abuse them through malware deployed on systems running vulnerable versions of the NVIDIA GFE application.
In addition, according to NVIDIA, attacks that take advantage of these bugs are low-complexity, require only low privileges, and need no user interaction.
| CVE ID | Description | Base Score |
|---|---|---|
| CVE-2020-5977 | NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 8.2 |
| CVE-2020-5990 | NVIDIA GeForce Experience contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service, or information disclosure. | 7.3 |
| CVE-2020-5978 | NVIDIA GeForce Experience contains a vulnerability in its services in which a folder is created by | 3.2 |
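
CVE-2020-5977 above is an uncontrolled search path for a Node module. The following added example (not NVIDIA's code and not taken from the advisory) lists the directories that Node.js's documented module lookup consults for a bare module name and flags those outside an application's install directory. The sample paths and the names `untrustedSearchDirs`, `SAMPLE_ROOT` and `SAMPLE_ENV` are constructed for illustration.

```javascript
// Added example: list where Node.js would look for a bare module name
// and flag every location outside the application's install directory.
const path = require('path').win32; // Windows path rules on any OS

// Ancestor node_modules directories, nearest first (documented lookup).
function ancestorChain(startDir) {
  const dirs = [];
  let dir = path.resolve(startDir);
  for (;;) {
    if (path.basename(dir) !== 'node_modules') {
      dirs.push(path.join(dir, 'node_modules'));
    }
    const parent = path.dirname(dir);
    if (parent === dir) break; // reached the drive root
    dir = parent;
  }
  return dirs;
}

// Folders searched after the chain: NODE_PATH entries (";"-separated on
// Windows) and the per-user folders under the home directory.
// The $PREFIX/lib/node folder is left out of this example.
function globalFolders(env) {
  const fromEnv = (env.NODE_PATH || '').split(';').filter(Boolean);
  const home = env.USERPROFILE
    ? [path.join(env.USERPROFILE, '.node_modules'),
       path.join(env.USERPROFILE, '.node_libraries')]
    : [];
  return [...fromEnv, ...home];
}

function isInside(root, dir) {
  const rel = path.relative(root, dir);
  return !(rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel));
}

// Search locations that fall outside trustedRoot and so need an ACL review.
function untrustedSearchDirs(startDir, trustedRoot, env = {}) {
  return [...ancestorChain(startDir), ...globalFolders(env)]
    .filter((dir) => !isInside(trustedRoot, dir));
}

// Constructed sample layout, not the real GeForce Experience paths.
const SAMPLE_ROOT = 'C:\\Program Files\\ExampleVendor\\WebHelper';
const SAMPLE_ENV = { NODE_PATH: 'D:\\shared\\node', USERPROFILE: 'C:\\Users\\alice' };
const findings = untrustedSearchDirs(SAMPLE_ROOT + '\\server', SAMPLE_ROOT, SAMPLE_ENV);
console.log(findings.join('\n'));
```

Each directory it reports still needs an ACL check (for example with `icacls`) to confirm that standard users cannot create it or write to it.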