NVIDIA have issued a Security Bulletin to users of their GeForce Experience desktop app identifying three vulnerabilities which could allow agents to execute code, escalate user privileges and otherwise compromise a system. The worst, CVE-2020-5977 according to CVE naming conventions, is classed as 'High' under the CVSS v3.1 scoring system.
All versions of GeForce Experience prior to 3.20.5.70 are affected by these issues.
In conjunction with the update Bulletin an Update has been pushed to GeForce Experience which closes the vulnerabilities. This update - v3.20.5.70 - can be downloaded via the main GeForce Experience page or by opening the desktop app, triggering an automatic update process.
The Bulletin also acknowledges the following individuals for reporting the issues:
CVE-2020-5977: Xavier DANEST - Decathlon
CVE-2020-5978: Hashim Jawad of ACTIVELabs
CVE-2020-5990: Hashim Jawad of ACTIVELabs
CVE-2020-5978: Hashim Jawad of ACTIVELabs
CVE-2020-5990: Hashim Jawad of ACTIVELabs
SOURCE: NVIDIA Security Bulletin 5076
