NVIDIA GeForce Experience Vulnerabilities - US

2018-12-13T13:34:08
ID LENOVO:PS500208-NOSID
Type lenovo
Reporter Lenovo
Modified 2020-03-19T14:03:02

Description

Lenovo Security Advisory: LEN-24779

Potential Impact: Information disclosure, denial of service, privilege escalation

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2018-6257, CVE-2018-6258, CVE-2018-6259, CVE-2018-6261, CVE-2018-6262

Summary Description:

NVIDIA has released a software update to address potential security vulnerabilities in GeForce Experience. When GameStream is enabled and an unauthorized user gains system access, these issues may lead to limited user information disclosure, denial of service, or escalation of privileges. These vulnerabilities are summarized below.

CVE-2018-6257: NVIDIA GeForce Experience contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.

CVE-2018-6258: NVIDIA GeForce Experience contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.

CVE-2018-6259: NVIDIA GeForce Experience contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.

CVE-2018-6261: NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may lead to code execution, denial of service, or escalation of privileges by users with system access.

CVE-2018-6262: NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.

Mitigation Strategy for Customers (what you should do to protect yourself):

NVIDIA recommends updating to the version of NVIDIA GeForce Experience (or later) described for your system in the product impact section. To immediately protect your system, disable the GeForce Experience Share In-game Overlay until the application can be patched.

Product Impact:
