NVContainer Symlink Privilege Escalation in NVIDIA GeForce Experience
CVE-2022-42292 Published on February 12, 2023

NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.

NVD

Vulnerability Analysis

CVE-2022-42292 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and a high impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
HIGH

Weakness Type

What is an insecure temporary file Vulnerability?

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVE-2022-42292 has been classified to as an insecure temporary file vulnerability or weakness.


Products Associated with CVE-2022-42292

Want to know whenever a new CVE is published for NVIDIA Geforce Experience? stack.watch will email you.

NVIDIA Geforce Experience
 

Affected Versions

NVIDIA GeForce Experience Version All versions prior to 3.27.0.112 is affected by CVE-2022-42292

Exploit Probability

EPSS
0.05%
Percentile
14.82%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.