Nvidia warns of a serious bug in GeForce Experience - but there’s a fix

Vulnerability could allow attackers to carry out code execution attacks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Nvidiahas rushed out a fix for a vulnerability in itsNvidia GeForce Experience(GFE) software that could allow local attackers carry out code execution attacks.

The flaw, tracked asCVE‑2020‑5964, could also allow hackers with access to an unpatched machine to trigger a denial of service (DoS) state and access privileged information.

The medium-rated vulnerability impacts all versions of the Nvidia GFE, the company’s companion software for GeForce GTX graphics card that keeps drivers up to date and automatically optimizes game settings, installed on Windows machines prior to version 3.20.4.

“Nvidia Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed,” Team Green warns. “Such an attack may lead to code execution, denial of service or information disclosure.”

To stay protected, Nvidia recommends that users accept automatic updates or manually install the latest version of the GeForce Experience software from the Nvidiadownloadspage.

“Earlier software branch releases that support this product are also affected,” Nvidia adds. “If you are using an earlier branch release, upgrade to the latest branch release.”

Nvidia has published a second security advisory related to a Linux-based bug in the JetPack SDK that can can lead to escalation of privilege attacks. The bug, CVE‑2020‑5974, has been given an even more alarming 8.8 severity rating.

Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.

Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.

Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.

To protect against this bug, Nvidia recommends you download and install the latest NVIDIA JetPack SDK fromNvidia DevZone.

News of these vulnerabilities comes just weeks afterNvidia patched a number of security vulnerabilities in its GPU Display and CUDA driversas well as its Virtual GPU Manager software.

Carly Page is a Freelance journalist, copywriter and editor specialising in Consumer/B2B technology. She has written for a range of titles including Computer Shopper, Expert Reviews, IT Pro, the Metro, PC Pro, TechRadar and Tes.

Intel Battlemage rumored for December – could new budget GPUs win over gamers neglected by Nvidia and save the Arc brand?

Nvidia RTX 5090 Ti suddenly pops up – and RTX 6000 GPUs are mentioned in trademark filings too – but don’t get excited

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time