About CVE-2021-23175 on NVIDIA GeForce Experience (21-12-2021)

Preface: When the Gamer PC is invaded by an attacker. The inherent risk is not limited to the local PC itself. From a technical point of view, the victim site will be transformed into a weapon to attack other peers.

Background: GeForce Experience is the companion application to your GeForce graphics card. It keeps your drivers up to date, automatically optimizes your game settings, and let you share your gaming moments with friends. GeForce Experience makes it easy to live broadcast gameplay from your entire PC library using the live streaming service of your choice. GeForce Experience supports live broadcasting with Facebook Live, YouTube Live, and Twitch.

GameStream gives you the power to access your favorite games from your GeForceĀ® GTX-powered PC on your SHIELD TV or SHIELD Tablet. Jump directly into SteamĀ® Big Picture mode from the Steam app on SHIELD.

Vulnerability details: The vulnerability allows a local user to escalate privileges on the system. The flaw exists due to improper access restrictions where GameStream does not correctly apply individual user access controls for users on the same device. A local user can run a specially crafted program to escalate privileges on the system. GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service.

Official announcement: https://nvidia.custhelp.com/app/answers/detail/a_id/5295

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.