CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS
Percentile
5.1%
NVIDIA has released a firmware security update for the NVIDIA GeForce NOW Android mobile and TV app. This update addresses issues that may lead to code execution, denial of service, and information disclosure. To protect customer systems, the NVIDIA GeForce NOW for Android app will prompt customers to download and install the latest version upon opening the application.
Go to NVIDIA Product Security.
This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.
CVE ID | Description | Base Score | Vector and CWE |
---|---|---|---|
CVE‑2023‑31014 | NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. | 4.2 | AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L |
CWE-927 |
The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.
The following tables list the NVIDIA systems affected, firmware versions affected, and the updated version that includes this security update.
To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal.
CVE IDs Addressed | Affected Product | Operating System | Affected Versions | Updated Version |
---|
CVE‑2023‑31014
| GeForce NOW for Android mobile and TV app | Android OS | 6.00.32705137 to 6.04.33108832 | 6.05.33200069
NVIDIA thanks Oversecured for reporting issue CVE-2023-31014.