Domain Registration

Nvidia fixes code execution vulnerability in GeForce Experience

  • July 09, 2020

Nvidia has released a security update fixing a bug in GeForce Experience that could be abused to conduct code execution attacks. 

Security


Cyber security 101: Protect your privacy from hackers, spies, and the government


Cyber security 101: Protect your privacy from hackers, spies, and the government

Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.

Read More

This week, Nvidia said the security flaw, CVE‑2020‑5964, is found in the service host component of GeForce Experience, “in which the integrity check of application resources may be missed.”

This failure to verify application resources properly can be used to compromise the software, leading to code execution, denial of service, and information leaks.

Issued a severity score of 6.5, the vulnerability impacts all versions of the software on Windows machines prior to version 3.20.4. 

See also: Nvidia squashes display driver code execution, information leak bugs

Nvidia’s GeForce Experience software works in tandem with GeForce graphics cards and is used to manage drivers, optimize game settings, and for live streaming purposes. 

To stay protected, the tech giant recommends that users accept automatic updates or manually install the latest version of the software via the Nvidia downloads page. 

CNET: China aims to dominate everything from 5G to social media — but will it?

In addition to the GeForce Experience security boost, the company has also published a security advisory relating to Jetson AGX Xavier, TX1, TX2, and Nano in the Nvidia JetPack software development kit (SDK). 

Issued a severity score of 8.8, CVE‑2020‑5974, a vulnerability disclosed by programmer Michael de Gans, is a Linux-based issue impacting versions 4.2 and 4.3 of the JetPack SDK. The bug has been caused by errors in installation scripts resulting in improper permissions being set on some directories. If exploited, these incorrect permission assignments could be used to trigger privilege escalation attacks. 

TechRepublic: BYOD: A trend rife with security concerns

In June’s security update, Nvidia patched six vulnerabilities in the Nvidia GPU Display Driver that impact both Windows and Linux systems. The most severe security flaws can be exploited for code execution, file corruption, and denial-of-service attacks. 



Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Article source: https://www.zdnet.com/article/nvidia-fixes-code-execution-vulnerability-in-geforce-experience/#ftag=RSSbaffb68

Related News

%d bloggers like this: