CVE-2019-5674

CWE-593 documents3 sources

Severity

7.0HIGH

EPSS

0.2%

top 58.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Geforce Experience Nvidia Corporation Geforce Experience

Timeline

PublishedMar 28

Latest updateMay 13

Description

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/geforce_experience< 3.18

▶CVEListV5nvidia_corporation/geforce_experiencebefore 3.18

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-5xw4-x4cg-v965: NVIDIA GeForce Experience before 3↗2022-05-13

▶

CVEList

CVE-2019-5674: NVIDIA GeForce Experience before 3↗2019-03-28

▶