CVE-2022-42291
📋 TL;DR
NVIDIA GeForce Experience installer contains a vulnerability where users installing the software from a compromised directory may inadvertently delete data from linked locations, potentially leading to data tampering. This affects users installing NVIDIA GeForce Experience software. The vulnerability requires user interaction and specific conditions to be exploited.
💻 Affected Systems
- NVIDIA GeForce Experience
⚠️ Risk & Real-World Impact
Worst Case
Critical data loss or tampering if user installs from a directory containing malicious symlinks or junctions pointing to sensitive system locations.
Likely Case
Accidental data deletion from user directories when installing from locations with symbolic links, requiring specific user actions.
If Mitigated
No impact if users install from trusted directories without symbolic links or if software is already patched.
🎯 Exploit Status
Requires user to explicitly launch installer from compromised directory containing malicious symlinks. No direct remote exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.27.0.112 and later
Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5384
Restart Required: Yes
Instructions:
1. Open NVIDIA GeForce Experience.
2. Click the settings gear icon.
3. Check for updates.
4. If update available, install version 3.27.0.112 or later.
5. Restart system after installation.
🔧 Temporary Workarounds
Safe Installation Directory
Windows: Always install NVIDIA GeForce Experience from trusted directories without symbolic links or junctions.
Disable Symbolic Link Creation
Windows: Restrict creation of symbolic links to prevent malicious directory structures.
gpedit.msc -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Create symbolic links
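One way to apply the "Safe Installation Directory" workaround before launching the installer, as an added example that is not part of the vendor advisory or this page's original content: a PowerShell check that lists symbolic links and junctions in or above the folder the installer will run from. The function name `Find-ReparsePoint` and the sample path are assumptions made for illustration.

```powershell
# Added example (hypothetical helper, not NVIDIA's code): report reparse points
# (symbolic links, junctions) in or above the folder an installer is run from.
function Find-ReparsePoint {
    param(
        [Parameter(Mandatory)] [string] $Path   # folder the installer will be launched from
    )
    $reparse = [System.IO.FileAttributes]::ReparsePoint
    $found   = New-Object System.Collections.Generic.List[object]

    # 1. The folder itself and every ancestor: a junction higher up the path
    #    redirects everything beneath it.
    $dir = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    for ($d = $dir; $null -ne $d; $d = $d.Parent) {
        if ($d.Attributes.HasFlag($reparse)) { $found.Add($d) }
    }

    # 2. Walk the tree with an explicit stack and never descend into a reparse
    #    point, so the scan itself is not led into the linked location.
    $stack = New-Object System.Collections.Generic.Stack[System.IO.DirectoryInfo]
    $stack.Push($dir)
    while ($stack.Count -gt 0) {
        $current = $stack.Pop()
        $children = Get-ChildItem -LiteralPath $current.FullName -Force -ErrorAction SilentlyContinue
        foreach ($item in $children) {
            if ($item.Attributes.HasFlag($reparse)) {
                $found.Add($item)
            } elseif ($item.PSIsContainer) {
                $stack.Push($item)
            }
        }
    }

    # LinkType reads SymbolicLink or Junction; an empty LinkType is another kind of reparse point.
    $found | Select-Object FullName, LinkType, Target
}

# Constructed sample path (assumption): replace with the folder holding the installer.
$installerDir = Join-Path $env:USERPROFILE 'Downloads'
$links = @(Find-ReparsePoint -Path $installerDir)
if ($links.Count -gt 0) {
    $links | Format-Table -AutoSize
    Write-Warning "Reparse points found; copy the installer to a clean local folder before running it."
} else {
    Write-Output "No reparse points found in or above $installerDir."
}
```

Junctions can be created without the "Create symbolic links" user right, so the scan reports them alongside symbolic links rather than relying on that policy alone.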
🧯 If You Can't Patch
- Educate users to only install software from trusted directories without symbolic links
- Implement application whitelisting to control software installation locations
🔍 How to Verify
Check if Vulnerable:
Check NVIDIA GeForce Experience version in settings. If version is below 3.27.0.112, system is vulnerable.
Check Version:
In NVIDIA GeForce Experience: Settings -> General -> Version
Verify Fix Applied:
Verify version is 3.27.0.112 or higher in NVIDIA GeForce Experience settings.
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing file deletion events during NVIDIA installer execution
- Application logs showing GeForce Experience installation from unusual directories
Network Indicators:
- No network indicators - local vulnerability only
SIEM Query:
EventID=4663 AND ProcessName="*GeForce*" AND AccessMask="0x10000" (Delete)