CVE-2019-5674

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.

Published: Mar 28, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5674
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
nvidia / geforce_experience	-	3.18

http://support.lenovo.com/us/en/solutions/LEN-27096
http://www.securityfocus.com/bid/107621
https://nvidia.custhelp.com/app/answers/detail/a_id/4784

Vulnerability Database

289,697

CVE-2019-5674