NVIDIA discovered a total of nine vulnerabilities; three of these vulnerabilities exist within GeForce Experience. While the remaining six vulnerabilities reside within the company’s Windows GPU Display driver. The first bug, CVE-2019-5701, is a vulnerability that resides within GameStream and, when enabled, allows an attacker to load Intel graphics driver DLLs without proper path validations. The second bug, which is present within the GeForce downloader, gives attackers local access to the program and allows them to craft and execute code that can transfer and save malicious files. Which in turn, can lead to the creation of potentially devastating code executions, denial-of-service and information leaks.
To that end, the third vulnerability found in the GeForce local service provider component can also be exploited to cause denial-of-service or data theft. Of the remaining six vulnerabilities, the most severe of them is CVE-2019-5690, which is a kernel mode layer handler issue that hackers can exploit for their own benefit.
As mentioned, the latest GeForce driver 441.12 addresses these vulnerabilities and patches them. As such, we think it’s best for you to update your graphics driver immediately or at your earliest convenience. (Source: NVIDIA [1] [2], ZDNet)
