CVE-2019-5674
HIGHNVIDIA GeForce Experience < 3.18 - Unauthenticated Privilege Escalation via Hard Link Attack
Title source: llmDescription
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4784
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107621
Various Sources x_refsource_confirm
http://support.lenovo.com/us/en/solutions/LEN-27096
Scores
CVSS v3
7.0
EPSS
0.0020
EPSS Percentile
41.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (1)
nvidia/geforce_experience
< 3.18
Published
Mar 28, 2019
Tracked Since
Feb 18, 2026