CVE-2022-31611
First published: Tue Feb 07 2023(Updated: )
NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA GeForce Experience | <3.27.0.112 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-31611?
CVE-2022-31611 is a vulnerability found in NVIDIA GeForce Experience where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched.
What is the severity of CVE-2022-31611?
The severity of CVE-2022-31611 is high with a severity rating of 7.3.
How does CVE-2022-31611 affect NVIDIA GeForce Experience?
CVE-2022-31611 affects all client installers of NVIDIA GeForce Experience, allowing an attacker with user level privileges to load an arbitrary DLL when the installer is launched.
How can CVE-2022-31611 be exploited?
CVE-2022-31611 can be exploited by an attacker with user level privileges launching the NVIDIA GeForce Experience installer, causing it to load an arbitrary DLL.
Is Microsoft Windows affected by CVE-2022-31611?
No, Microsoft Windows is not vulnerable to CVE-2022-31611.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nvidia
- canonical/nvidia geforce experience
- vendor/microsoft
- canonical/microsoft windows