Symbolic Link Vulnerability in NVIDIA GeForce Experience
CVE-2022-42292

5MEDIUM

Key Information:

Vendor: Nvidia
Status: Geforce Experience
Vendor: CVE Published:; 12 February 2023

Summary

NVIDIA GeForce Experience is vulnerable due to a flaw in the NVContainer component, allowing non-administrative users to create symbolic links to files that require elevated privileges. This improper handling can enable users to perform unauthorized actions, potentially leading to denial of service, privilege escalation, or limited tampering with data. Organizations utilizing GeForce Experience should assess their security posture and apply appropriate mitigations to protect against exploitation of this vulnerability.

Affected Version(s)

GeForce Experience Windows All versions prior to 3.27.0.112

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5384

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2023
Vulnerability Reserved
Oct 3, 2022