CVE-2023-31014

Published: Sep 20, 2023Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Exploitability: 1.3 / Impact: 3.4

Source: NVD

Description

NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution.

Affected (1)

Products: Nvidia: Geforce Now

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nvidia Geforce Now	From 6.00.32705137 to 6.04.33108832

Running on/with	Platform Versions
Google Android	All versions

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Use of Implicit Intent for Sensitive Communication

The Android application uses an implicit intent for transmitting sensitive data to other applications.

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5476

Source: psirt@nvidia.com

Vendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5476

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.