CVE-2021-23175

Published: Dec 23, 2021Modified: Nov 21, 2024

8.2

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.5 / Impact: 6.0

Source: NVD

Description

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.

Affected (1)

Products: Nvidia: Geforce Experience

1 product

Geforce Experience

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nvidia Geforce Experience	Before 3.24.0.126

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5295

Source: psirt@nvidia.com

Vendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5295

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.