Nvidia warns of a serious bug in GeForce Experience - but there's a fix

Nvidia RTX
(Image credit: Nvidia)

Nvidia has rushed out a fix for a vulnerability in its Nvidia GeForce Experience (GFE) software that could allow local attackers carry out code execution attacks.

The flaw, tracked as CVE‑2020‑5964, could also allow hackers with access to an unpatched machine to trigger a denial of service (DoS) state and access privileged information.

The medium-rated vulnerability impacts all versions of the Nvidia GFE, the company's companion software for GeForce GTX graphics card that keeps drivers up to date and automatically optimizes game settings, installed on Windows machines prior to version 3.20.4.

"Nvidia Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed," Team Green warns. "Such an attack may lead to code execution, denial of service or information disclosure."

To stay protected, Nvidia recommends that users accept automatic updates or manually install the latest version of the GeForce Experience software from the Nvidia downloads page. 

"Earlier software branch releases that support this product are also affected," Nvidia adds. "If you are using an earlier branch release, upgrade to the latest branch release."

Nvidia has published a second security advisory related to a Linux-based bug in the JetPack SDK that can can lead to escalation of privilege attacks. The bug, CVE‑2020‑5974, has been given an even more alarming 8.8 severity rating. 

To protect against this bug, Nvidia recommends you download and install the latest NVIDIA JetPack SDK from Nvidia DevZone.

News of these vulnerabilities comes just weeks after Nvidia patched a number of security vulnerabilities in its GPU Display and CUDA drivers as well as its Virtual GPU Manager software.

TOPICS
Carly Page

Carly Page is a Freelance journalist, copywriter and editor specialising in Consumer/B2B technology. She has written for a range of titles including Computer Shopper, Expert Reviews, IT Pro, the Metro, PC Pro, TechRadar and Tes. 

Latest in GPU
Zotac Gaming RTX 5090 Graphics Card
Nvidia Blackwell stock woes are compounded by price hikes as more RTX 5090 GPUs soar in pricing, and I’m sick and tired of it all at this point
Nvidia app
Tired of manually optimizing your games? Nvidia's new G-Assist could save you time
Nvidia RTX 5080 against a yellow TechRadar background
RTX 5080 24GB version teased by MSI - is it time to admit that 16GB isn't enough for 4K?
Nvidia AMD
Nvidia rumors suggest it's working on two affordable GPUs to spoil AMD's party
An Nvidia RTX 5080 vs RTX 4080 Super against a two-tone background
Nvidia RTX 5080 vs RTX 4080 Super: should you upgrade to the latest Blackwell GPU?
An Intel Arc B580 vs Nvidia RTX 4060 against a two-tone background
Intel Arc B580 vs Nvidia RTX 4060: Which mainstream GPU is right for you?
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does