NVIDIA patches CVE-2019-5702 high-severity flaw in GeForce Experience

NVIDIA released a security update for the Windows NVIDIA GeForce Experience app that addresses CVE-2019-5702 high severity flaw.

NVIDIA addresses a high severity vulnerability (CVE-2019-5702) in Windows NVIDIA GeForce Experience (GFE) app that could be exploited by local attackers to trigger a denial of service (DoS) condition or escalate privileges on systems running the vulnerable software.

NVIDIA GFE allows users to 2capture and share videos, screenshots, and livestreams with friends, keeping drivers up to date and optimizing game settings. 

“NVIDIA has released a software security update for NVIDIA® GeForce Experience™. This update addresses an issue that may lead to denial of service or escalation of privileges.”reads the security advisory published by NVIDIA. “NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.”

The CVE-2019-5702 vulnerability received a CVSS V3 base score of 8.4, it was fixed in December 2019. According to NVIDIA, the risk assessment is based on an average of risk across a diverse set of installs.

“To protect your system, download and install this software update through the GeForce Experience Downloads page, or open the client to automatically apply the security update.” continues the advisory.

The vulnerability was reported by the researcher that goes online with the handle RyotaK, it affects versions of NVIDIA GeForce Experience prior to 3.20.2.

“Earlier software branch releases that support this product are also affected,” NVIDIA adds. “If you are using an earlier branch release, upgrade to the latest branch release.”

Pierluigi Paganini

(SecurityAffairs – CVE-2019-5702, hacking)

Share On