Arbitrary File Deletion Vulnerability in NVIDIA GeForce Experience
CVE-2021-1072

6MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Geforce Experience Software
Vendor: CVE Published:; 5 February 2021

Summary

NVIDIA GeForce Experience, in all versions prior to 3.21, features a vulnerability in the GameStream component (specifically within rxdiag.dll) that allows for arbitrary file deletion. This flaw arises from improper handling of log files, potentially leading to service disruptions or denial of service to users. It’s crucial for users to update to the latest version to protect against such vulnerabilities.

Affected Version(s)

NVIDIA GeForce Experience Software All versions prior to 3.21

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5155

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 5, 2021
Vulnerability Reserved
Nov 12, 2020