CVE-2019-5674 Information

Description

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link the software does not check for hard link attacks. This behavior may lead to code execution denial of service or escalation of privileges.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://support.lenovo.com/us/en/solutions/LEN-27096 http://www.securityfocus.com/bid/107621 https://nvidia.custhelp.com/app/answers/detail/a_id/4784

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.0