Nvidia tackles code execution flaws, data leaks in GeForce Experience
Nvidia released a security update yesterday that fixed several high severity flaws in the GeForce Experience software. The patch update addresses issues in all versions of GeForce Experience 18.104.22.168 on Windows and below. According to Nvidia, the flaws could lead to denial of service, escalation of privileges, code execution, or information disclosure.
The first and second vulnerabilities patched in the update have CVSS scores of 8.2 and 7.3 respectively. The first, CVE‑2020‑5977, could lead to denial of service if exploited by hackers for the purpose of executing arbitrary code. This flaw was uncovered in the Helper NodeJS Web Server. The second, CVE‑2020‑5990, lies in the ShadowPlay live stream and broadcast function in Nvidia software. If exploited, the vulnerability could lead to trigger code execution or denial of service.