Nvidia fixes code execution vulnerability in GeForce Experience

Got a gamer or graphic hound that manually manages updates? …:

[…] Nvidia has released a security update fixing a bug in GeForce Experience that could be abused to conduct code execution attacks.

This week, Nvidia said the security flaw, CVE‑2020‑5964, is found in the service host component of GeForce Experience, “in which the integrity check of application resources may be missed.”

This failure to verify application resources properly can be used to compromise the software, leading to code execution, denial of service, and information leaks.

Issued a severity score of 6.5, the vulnerability impacts all versions of the software on Windows machines prior to version 3.20.4.

See also: Nvidia squashes display driver code execution, information leak bugs

Nvidia’s GeForce Experience software works in tandem with GeForce graphics cards and is used to manage drivers, optimize game settings, and for live streaming purposes.

To stay protected, the tech giant recommends that users accept automatic updates or manually install the latest version of the software via the Nvidia downloads page.


Original Article