A recent NVIDIA security update for its GeForce Experience software addresses a potentially serious vulnerability that could lead to arbitrary code execution, a denial-of-service (DoS) condition, or privilege escalation.
NVIDIA GeForce Experience, an application installed by default on devices running GeForce products, allows users to update their drivers, improve gameplay settings and share content with other users.
David Yesland of Rhino Security Labs found that several arbitrary file write issues affect the software, enabling an attacker to overwrite a system file. The flaw exists because of insecure permissions on log files to which GeForce Experience writes data with SYSTEM privileges.
The flaw, tracked as CVE-2019-5674, can be used to overwrite critical system files and cause a DoS condition. The vulnerability can also be exploited for arbitrary code execution by injecting commands into a specific NVIDIA log file to create a malicious .bat file in the Windows Startup folder.
The .bat file will be executed whenever the user logs in and can lead to privilege escalation if the user has administrative privileges. Yesland has also found another way to escalate privileges. He found two .bat files belonging to the NVIDIA application that are automatically run as SYSTEM if the services “NVIDIA Display Container” or “NVIDIA Telemetry Container” crash more than twice.
This action is part of these services’ default recovery process. An attacker could use the arbitrary file write to add malicious code to these files and use a DoS vulnerability to crash the above services three times, resulting in the malicious .bat files running with high privileges.
The researcher has released technical details of the vulnerability together with proof-of-concept (PoC) code.
“When ShadowPlay, NvContainer and GameStream are enabled, NVIDIA GeForce Experience contains a vulnerability. The software does not check hard links when opening a file. This may lead to code execution, service denial, or privilege escalation,” NVIDIA explained.
According to NVIDIA, the arbitrary file write vulnerability affects versions of GeForce Experience before 3.18, which resolves the problem. The vendor has assigned the flaw a CVSS score of 8.8. NVIDIA released security updates last month for its NVIDIA GPU display drivers to address several serious vulnerabilities affecting GeForce, Quadro, NVS and Tesla products.
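
The missing check named in NVIDIA's statement (no hard-link check when opening a file) can be illustrated with a short added example; this is not NVIDIA's code or the researcher's PoC. The helper name `open_log_checked`, the exception class and the file names are hypothetical, and the scenario is constructed inside a temporary directory.

```python
import os
import stat
import tempfile

class UnsafeLogTarget(Exception):
    """The opened log is not a plain file with exactly one name."""

def open_log_checked(path):
    """Open a log for append; refuse symlinks and hard-linked files.
    Hypothetical helper: it inspects the object actually opened (via the
    descriptor), so the check cannot be raced by swapping the path."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT
    flags |= getattr(os, "O_NOFOLLOW", 0)  # absent on Windows
    fd = os.open(path, flags, 0o600)
    try:
        info = os.fstat(fd)
        if not stat.S_ISREG(info.st_mode):
            raise UnsafeLogTarget(f"{path}: not a regular file")
        if info.st_nlink != 1:  # another name points at the same data
            raise UnsafeLogTarget(f"{path}: {info.st_nlink} hard links")
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")

def demo():
    """Constructed scenario; returns (blocked, untouched, wrote)."""
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.cfg")  # stands in for a system file
        log = os.path.join(d, "app.log")
        with open(protected, "w") as f:
            f.write("original\n")
        os.link(protected, log)  # the log name now aliases the protected file
        try:
            open_log_checked(log).close()
            blocked = False
        except UnsafeLogTarget:
            blocked = True
        with open(protected) as f:
            untouched = f.read() == "original\n"
        os.unlink(log)
        with open_log_checked(log) as fh:  # fresh, singly linked file: accepted
            fh.write("service started\n")
        with open(log) as f:
            wrote = f.read() == "service started\n"
        return blocked, untouched, wrote

if __name__ == "__main__":
    print(demo())
```

Rejecting linked files is defense in depth: the article attributes the flaw to insecure log file permissions, so the log directory itself should also be writable only by the privileged service.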