CVE-2022-42291
CVE-2022-42291
In short
NVIDIA GeForce Experience installer has a flaw that can accidentally delete data from linked folders during installation. This happens only if a user runs the installer from a compromised directory, putting their files at risk of being tampered with.
Technical detail
The vulnerability exists in the NVIDIA GeForce Experience installer's file handling logic, where improper path resolution during installation can lead to unintended deletion of data in linked locations. Exploitation requires user interaction (launching the installer from a compromised directory) and results in data tampering via unintended file deletion.
Summary generated and translated by AI from the official description.
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
Affected products
NVIDIA · GeForce ExperienceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →