Nvidia patches code execution vulnerability in GeForce Experience
Nvidia has released a patch to fix a serious security vulnerability in GeForce Experience which can be exploited to perform local code execution attacks.
Revealed this week, the security flaw was originally discovered and reported by David Yesland of Rhino Security Labs.
Tracked as CVE‑2019‑5674 and awarded a base severity score of 8.8, the bug is present in Nvidia GeForce Experience versions prior to 3.18 on the Microsoft Windows operating system.
Security
See also: Nvidia looking to surf data science wave into the data center
When ShadowPlay, NvContainer, or GameStream are enabled, opening a file does not result in hard links being checked, which may lead to code execution, denial of service, or escalation of privileges.
"This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user," Yesland said in a blog post describing his findings. "Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potentially privilege escalation."
While the security issue cannot be activated remotely, being able to execute code without authorization can result in additional malware payloads being deployed on impacted machines. Depending on the environment in which the software is operating, such as on a network, exploiting this single flaw could result in multiple machines becoming vulnerable to attack.
TechRepublic: Top 5 barriers to AI security adoption
There are no mitigations or workarounds available for this vulnerability.
"Often arbitrary file writes are not considered very impactful because it is assumed it can only be used to simply overwrite an arbitrary file with some data," Yesland added. "But, if you can somehow control that data which is being written and get a little creative, the impact can be very significant."
Nvidia recommends that users update their GeForce Experience software build immediately. The latest, patched version is available on the GeForce Experience Downloads page and is also being sent over the air as an automatic update.
CNET: Mueller report: Everything we know about the Trump-Russia investigation
Earlier this month, the tech giant resolved a swathe of security vulnerabilities impacting the Nvidia Windows GPU Display driver.
The vulnerabilities included another failure to check for hard links, an issue in index validation, a kernel mode handler error, and lifeline release problems. Upon exploitation, these bugs could be used to create a denial of service scenario, to escalate privileges, to locally execute code, and to leak information.