Nvidia patches GeForce Experience bug
Nvidia, a maker of gaming graphics processing units (GPUs), has fixed a high-severity vulnerability in its GeForce Experience software that could lead to code execution or denial of service. The vulnerability has been entered into the NIST database as CVE-2019-5674 and has a CVSS score of 8.8. GeForce Experience is a supplemental application to the GeForce GTX graphics cards. It keeps users' drivers up to date and automatically optimizes their game settings. GeForce Experience is installed by default on systems running NVIDIA GeForce products.
The bug allows any system file within the application to be overwritten when ShadowPlay, NvContainer, or GameStream are enabled. According to Nvidia's security update, the software does not check for hard links when opening a file. This can lead to code execution, denial of service or escalation of privileges.
The issue was reported by Rhino Security Labs researcher David Yesland, who published a proof-of-concept exploit for the vulnerability. When Yesland inspected the permissions on the files, he realized that anyone can have control over them. It's possible for a low-privileged user to create a symbolic link between log files and any other system file, which would allow the user to overwrite the contents of that system file.
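The link check that the advisory says was missing can be shown from the defender's side. The following Python sketch is an added example, not Nvidia's code or the researcher's proof of concept; `open_log_safely`, `UnsafeLogTarget` and the temporary files are hypothetical, and it assumes a filesystem that reports link counts and supports creating links.

```python
import os
import stat
import tempfile

class UnsafeLogTarget(OSError):
    """The log path is a link, has extra hard links, or was swapped."""

def open_log_safely(path):
    """Open an existing log for append, refusing symlinks and hard links."""
    before = os.lstat(path)  # lstat inspects the link itself, not its target
    if stat.S_ISLNK(before.st_mode):
        raise UnsafeLogTarget(f"{path} is a symbolic link")
    # O_NOFOLLOW exists on POSIX only; elsewhere the lstat/fstat checks apply.
    flags = os.O_WRONLY | os.O_APPEND | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)
    try:
        after = os.fstat(fd)  # checks run on the handle that will be written
        if not stat.S_ISREG(after.st_mode):
            raise UnsafeLogTarget(f"{path} is not a regular file")
        if after.st_nlink != 1:
            raise UnsafeLogTarget(f"{path} has {after.st_nlink} hard links")
        if (after.st_dev, after.st_ino) != (before.st_dev, before.st_ino):
            raise UnsafeLogTarget(f"{path} changed between check and open")
    except UnsafeLogTarget:
        os.close(fd)
        raise
    return fd

def demo():
    """Constructed scenario: one plain log and two logs linked to another file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "system.cfg")  # stands in for a protected file
        open(target, "w").close()
        paths = {n: os.path.join(d, n + ".log")
                 for n in ("plain", "hardlink", "symlink")}
        open(paths["plain"], "w").close()
        os.link(target, paths["hardlink"])
        os.symlink(target, paths["symlink"])
        for name, path in paths.items():
            try:
                fd = open_log_safely(path)
                os.write(fd, b"entry\n")
                os.close(fd)
                results[name] = "written"
            except UnsafeLogTarget:
                results[name] = "refused"
        results["target_size"] = os.path.getsize(target)  # 0 means untouched
    return results
```

The link check complements, rather than replaces, restricting write access to the log directory to the service account.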
With an arbitrary file write, hackers can force an application to overwrite any file on the system as a privileged user. This means that a hacker can cause a denial of service by overwriting critical system files, but if hackers can control the data that is being written, they can do more with it. Some files could be modified with commands that write a file to the system startup folder, leading to commands being executed by other users at startup.
This bug affects all Windows computers where a version of NVIDIA GeForce Experience prior to 3.18 is installed and ShadowPlay or GameStream is enabled. To apply the security update, NVIDIA GeForce Experience users can download the latest version from the GeForce Experience Downloads page, or launch the client on their Windows computers to have it applied using the built-in automatic update mechanism. Last month, NVIDIA also released a security update for the NVIDIA GPU Display Driver software which patched eight security issues that could have led to code execution, escalation of privileges, denial of service, or information disclosure on vulnerable Windows and Linux machines.