Symbolic Link Vulnerability in NVIDIA GeForce Experience
CVE-2022-42292

5MEDIUM

Key Information:

Vendor: Nvidia
Status: Geforce Experience
Vendor: CVE Published:; 12 February 2023

What is CVE-2022-42292?

NVIDIA GeForce Experience is vulnerable due to a flaw in the NVContainer component, allowing non-administrative users to create symbolic links to files that require elevated privileges. This improper handling can enable users to perform unauthorized actions, potentially leading to denial of service, privilege escalation, or limited tampering with data. Organizations utilizing GeForce Experience should assess their security posture and apply appropriate mitigations to protect against exploitation of this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GeForce Experience Windows All versions prior to 3.27.0.112

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5384

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2023
Vulnerability Reserved
Oct 3, 2022

JSON

Nvidia