Code Execution and Privilege Escalation in NVIDIA GeForce Experience
CVE-2021-1079

6.1MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Geforce Experience Software
Vendor: CVE Published:; 20 April 2021

Summary

NVIDIA GeForce Experience, prior to version 3.22, contains a vulnerability in its GameStream plugins where log files are generated with NT/System level permissions. This flaw can potentially allow local attackers to execute arbitrary code, disrupt services, or escalate privileges. However, the attacker does not have control over the results of the modification, nor can they leak information due to the overwrite mechanism.

Affected Version(s)

NVIDIA GeForce Experience Software All versions prior to 3.22

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5184

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 20, 2021
Vulnerability Reserved
Nov 12, 2020

Credit

NVIDIA thanks Matt Batten and Paolo Stagno for reporting this issue.