Nvidia has disclosed that its GeForce Experience application had three security vulnerabilities, although at least the good news is that the company has disclosed this problem once it has been patched when it is normal for the information to be disclosed after a thank you period has passed, where a company is given time to resolve the problem. Once the grace period has passed, vulnerability problems are of a public nature, forcing their quick solution.
One of these vulnerabilities is classified as very low risk with a score of 3.2 out of 10 according to the CVE, while the other two vulnerabilities are high risk.
|CVE ‑ 2020‑5977||Nvidia GeForce Experience contains a vulnerability in the Nvidia Web Helper NodeJS Web Server where an uncontrolled search path is used to load a module node, which can lead to code execution, denial of service, privilege escalation and the disclosure of information.||8.2|
|CVE ‑ 2020‑5990||Nvidia GeForce Experience contains a vulnerability in the ShadowPlay component that can lead to local privilege escalation, code execution, denial of service, or information disclosure.||7.3|
|CVE ‑ 2020‑5978||Nvidia GeForce Experience contains a vulnerability in its services in which a folder is created by ||3.2|
To solve the problem, you only have to update Nvidia GeForce Experience ( download; or update from the application itself), a version that will be already integrated into the company’s next graphics drivers.