The following section summarizes the vulnerability. The description uses CWE™ and the risk assessment follows CVSS.
NVIDIA Installer Framework contains a vulnerability in NVISystemService64
where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 7.2
CVSS Temporal Score: 5.8
CVSS Vector: CVSS: 3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:H/E:U/RL:O/RC:U
NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration.
Affected Products
Product | Operating System |
---|---|
GeForce Experience 3.x | Windows |