Improper access control in NVIDIA App (formerly GeForce Experience) - CVE-2021-23175

 

Improper access control in NVIDIA App (formerly GeForce Experience) - CVE-2021-23175

Published: December 22, 2021


Vulnerability identifier: #VU59082
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-23175
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
NVIDIA App (formerly GeForce Experience)

Detailed vulnerability description

The vulnerability allows a local user to escalate privilege son the system.

The vulnerability exists due to improper access restrictions where GameStream does not correctly apply individual user access controls for users on the same device. A local user can run a specially crafted program to escalate privileges on the system.


How to mitigate CVE-2021-23175

Install updates from vendor's website.

Sources