Nvidia warns of a serious bug in GeForce Experience - but there's a fix

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up

PCHF IT Feeds

PCHF Tech News
PCHF Bot
Jan 10, 2015
52,072
26
pchelpforum.net
Nvidia has rushed out a fix for a vulnerability in its Nvidia GeForce Experience (GFE) software that could allow local attackers carry out code execution attacks.

The flaw, tracked as CVE‑2020‑5964, could also allow hackers with access to an unpatched machine to trigger a denial of service (DoS) state and access privileged information.

The medium-rated vulnerability impacts all versions of the Nvidia GFE, the company's companion software for GeForce GTX graphics card that keeps drivers up to date and automatically optimizes game settings, installed on Windows machines prior to version 3.20.4.


"Nvidia Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed," Team Green warns. "Such an attack may lead to code execution, denial of service or information disclosure."

To stay protected, Nvidia recommends that users accept automatic updates or manually install the latest version of the GeForce Experience software from the Nvidia downloads page.

"Earlier software branch releases that support this product are also affected," Nvidia adds. "If you are using an earlier branch release, upgrade to the latest branch release."

Nvidia has published a second security advisory related to a Linux-based bug in the JetPack SDK that can can lead to escalation of privilege attacks. The bug, CVE‑2020‑5974, has been given an even more alarming 8.8 severity rating.

To protect against this bug, Nvidia recommends you download and install the latest NVIDIA JetPack SDK from Nvidia DevZone.

News of these vulnerabilities comes just weeks after Nvidia patched a number of security vulnerabilities in its GPU Display and CUDA drivers as well as its Virtual GPU Manager software.


Continue reading...