Nvidia has patched a critical security flaw in GeForce Experience which can be exploited to execute local code execution attacks.
The security flaw was discovered by David Yesland of Rhino Security Labs, according to a release note published on Tuesday (March.26th).
Tracked as CVE-2019-5674 and awarded a base severity score of 8.8, the vulnerability exists in all versions of GeForce Experience prior to 3.18.
GeForce Experience bug
When a ShadowPlay, NvContainer, or GameStream are enabled, the software does not check for hard links, which may lead to code execution, denial of service, or escalation of privileges.
“This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user,” Yesland said in a blog post.
“Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch file leading to code execution on other users and potential privilege escalation.”
Even though the security flaw cannot be activated remotely, being able to execute code without authorisation can result in additional malware payload being distributed on impacted machines.
Depending on the environment in which the software is running on, such as on a network, exploiting this flaw could potentially result in several machines becoming vulnerable to an attack.
There are no mitigations available for this vulnerability.
“Often arbitrary file writes are not considered very impactful because it is assumed it can only be used to simply overwrite an arbitrary file with some data,” Yesland added. “But, if you can somehow control that data which is being written and get a little creative, the impact can be very significant.”
Nvidia urges all users to update their GeForce Experience software by downloading the latest update.
The update can be found on the GeForce Experience Downloads page.