Nvidia fixes code execution vulnerability in GeForce Experience
Nvidia has released a security update fixing a bug in GeForce Experience that could be abused to conduct code execution attacks.
This week, Nvidia said the security flaw, CVE‑2020‑5964, is found in the service host component of GeForce Experience, "in which the integrity check of application resources may be missed."
This failure to verify application resources properly can be used to compromise the software, leading to code execution, denial of service, and information leaks.
Issued a severity score of 6.5, the vulnerability impacts all versions of the software on Windows machines prior to version 3.20.4.
See also: Nvidia squashes display driver code execution, information leak bugs
Nvidia's GeForce Experience software works in tandem with GeForce graphics cards and is used to manage drivers, optimize game settings, and for live streaming purposes.
To stay protected, the tech giant recommends that users accept automatic updates or manually install the latest version of the software via the Nvidia downloads page.
CNET: China aims to dominate everything from 5G to social media -- but will it?
In addition to the GeForce Experience security boost, the company has also published a security advisory relating to Jetson AGX Xavier, TX1, TX2, and Nano in the Nvidia JetPack software development kit (SDK).
Issued a severity score of 8.8, CVE‑2020‑5974, a vulnerability disclosed by programmer Michael de Gans, is a Linux-based issue impacting versions 4.2 and 4.3 of the JetPack SDK. The bug has been caused by errors in installation scripts resulting in improper permissions being set on some directories. If exploited, these incorrect permission assignments could be used to trigger privilege escalation attacks.
TechRepublic: BYOD: A trend rife with security concerns
In June's security update, Nvidia patched six vulnerabilities in the Nvidia GPU Display Driver that impact both Windows and Linux systems. The most severe security flaws can be exploited for code execution, file corruption, and denial-of-service attacks.
The worst IoT, smart home hacks of 2020 (so far)
Previous and related coverage
- Nvidia expands virtual GPU support, enabling more remote work
- AI chips in 2020: Nvidia and the challengers
- Nvidia closes $7 billion Mellanox purchase
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0