NvidiaNVIDIA:4725Security Bulletin: NVIDIA GeForce Experience - September 2018
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
2.5 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
0.0004 Low
EPSS
Percentile
12.8%
NVIDIA has released a software update to address potential security vulnerabilities in GeForce Experience. When GameStream is enabled and an unauthorized user gains system access, these issues may lead to limited user information disclosure, denial of service, or escalation of privileges. To protect your system, download and install this software update through the GeForce Experience Downloads page. Go to NVIDIA Product Security.
Vulnerability Details
This section summarizes the potential vulnerabilities. Descriptions use CWEβ’, and base scores and vectors follow CVSS V3 standards.
| CVE | Description | Base Score | CVSS V3 Vector |
|---|---|---|---|
| CVEβ2018β6261 | NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access. | 8.8 | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| CVEβ2018β6262 | NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure. | ||
| 5.5 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
NVIDIAβs risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.
Security Updates
The following table lists the software products and versions affected by these potential vulnerabilities, and the updated versions that address these vulnerabilities.
| CVE | Software Product | Operating System | Affected Versions | Updated Versions |
|---|---|---|---|---|
| CVEβ2018β6261 CVEβ2018β6262 | GeForce Experience | Windows | All versions prior to 3.15 | 3.15 or later |
Download the updates from the NVIDIA GeForce Experience Downloads page, or open the client to automatically apply the security update.
Notes:
- All branches prior to the versions listed in the Affected Versions column are impacted.
- If you are using an unsupported version or an earlier unsupported branch, upgrade to the latest supported version. To identify products that are no longer supported contact NVIDIA Support.
Mitigations
None. See Security Updates for the versions to install to address these vulnerabilities.
Acknowledgements
CVEβ2018β6261: NVIDIA thanks Mark Barnes for reporting this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| geforce experience | lt | 3.15 |
Related
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
2.5 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
0.0004 Low
EPSS
Percentile
12.8%