Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-42291

CVSS 8.2 · High EPSS 0.13% · P32
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-42291

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1386
Source: NVD (National Vulnerability Database)
Vulnerability Title
NVIDIA GeForce Experience 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NVIDIA GeForce Experience是美国NVIDIA公司的一套显卡自动更新工具。该产品能够自动更新显卡驱动程序,并支持显卡性能管理和优化等。ecto是elixir-ecto开源的一个用于数据映射和语言集成查询的工具包。 NVIDIA GeForce Experience存在安全漏洞,该漏洞源于在安装程序中存在漏洞,安装软件的用户可能会无意中删除链接位置的数据,从而导致数据篡改。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
NVIDIAGeForce Experience All versions prior to 3.27.0.112 -

II. Public POCs for CVE-2022-42291

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-42291

登录查看更多情报信息。

Same Patch Batch · NVIDIA · 2023-02-07 · 3 CVEs total

CVE-2022-316116.8 MEDIUMNVIDIA GeForce Experience 代码问题漏洞
CVE-2022-422925.0 MEDIUMNVIDIA GeForce Experience 后置链接漏洞

IV. Related Vulnerabilities

Same product: GeForce Experience
Same vendor: NVIDIA
Same weakness: CWE-1386

V. Comments for CVE-2022-42291

No comments yet

Leave a comment