• Home
  • Laptops
  • Laptops News
  • GeForce Experience Security Flaw Could Affect PC Gamers, Nvidia Advises Users to Download Update

GeForce Experience Security Flaw Could Affect PC Gamers, Nvidia Advises Users to Download Update

Share on Facebook Tweet Snapchat Share Reddit Comment
GeForce Experience Security Flaw Could Affect PC Gamers, Nvidia Advises Users to Download Update
Highlights
  • The threat is rated as severe even though attackers need local access
  • Nvidia has patched the flaw with the latest version of GeForce Experience
  • Nvidia has a dominant position in the discrete gaming GPU market

Nvidia has disclosed a security vulnerability with its GeForce Experience software for GeForce graphics card owners that could allow an attacker to execute and escalate privileges for arbitrary code, and carry out denial-of-service attacks. All versions of GeForce Experience prior to version 3.18 are vulnerable, if the ShadowPlay, NvContainer, or GameStream features are enabled. Nvidia advises all users to upgrade to the latest available version to be safe. The risk has been assessed as high severity.

Nvidia has thanked and credited David Yesland of Rhino Security Labs for discovering and reporting this security problem. According to Bleeping Computer, the threat requires an attacker to have access to affected PCs, which limits the potential for misuse. However, other malicious tools that allow remote access to PCs could be used in conjunction with this vulnerability. Not only could an attacker execute malicious code without requiring elevated privileges, but they could also carry out a denial-of-service attack that would result in the affected PC becoming unusable. 

The vulnerability allows malicious code to be substituted for what affected versions of the GeForce Experience software is expecting because it failed to check for hard links, or explicit pointers to resources. No user interaction is required to allow malicious code to be executed, and only the usual low privileges are required. 

Nvidia has stated that its risk assessments are based on an average threat level for all PCs with the affected software installed, which means that some specific installations and configurations are more vulnerable than others. However, all users are advised to update to the latest version of GeForce Experience either by downloading it directly from Nvidia's website or by running the software's built-in auto-updater.

Nvidia currently has the lion's share of discrete GPUs across desktops and laptops, with the latest Steam Hardware Survey pegging its install base as slightly over 75 percent, compared to just under 15 percent for AMD. Of course that figure represents gamers, not the entirety of PC users. 

The GeForce Experience software is used to manage automatic driver updates, and allows gamers to use profiles for games that will optimise settings for better gameplay on their PCs depending on their configurations. The affected features are those that let users capture and share gameplay video, and stream games from a PC with a GeForce GPU to another device such as a portable console.     

Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Nvidia, GeForce, GeForce Experience
Jamshed Avari

Jamshed Avari has been working in tech journalism as a writer, editor and reviewer for over 13 years. He has reviewed hundreds of products ranging from smartphones and tablets to PC components and accessories, and has also written guides, feature articles, news and analyses. Going beyond simple ratings and specifications, he digs deep into how emerging products and services affect actual users, and what marks they leave on our cultural landscape. He's happiest when something new comes ...More

Red Dead Redemption 2 for Nintendo Switch Spotted in Online Catalogue
Adobe, Microsoft to Take on Salesforce's Marketing Software, With LinkedIn as a Weapon

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com