Description
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/5295
Scores
CVSS v3
8.2
EPSS
0.0009
EPSS Percentile
26.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-863
Status
published
Products (1)
nvidia/geforce_experience
< 3.24.0.126
Published
Dec 23, 2021
Tracked Since
Feb 18, 2026