Denial of Service and Privilege Escalation in NVIDIA GeForce Experience Software
CVE-2017-0316

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Geforce Experience
Vendor: CVE Published:; 16 October 2017

Summary

NVIDIA GeForce Experience software versions prior to 3.10.0.55 contain a vulnerability in the NVIDIA Installer Framework. This vulnerability is located in NVISystemService64, where user input is improperly validated before being used by the driver. Without adequate checks, this flaw may lead to denial of service conditions or allow attackers to escalate their privileges within the system. Immediate attention is required to mitigate risks associated with this vulnerability.

Affected Version(s)

GeForce Experience 3.x

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4560

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2017
Vulnerability Reserved
Nov 23, 2016