Nvidia’s Windows GPU driver and the accompanying PC app feature 12 security flaws of varying severity, the company has revealed.
The flaws could lead to a number of dangers, from code execution, to escalation of privileges, to data leaks and denial of service attacks.
The vulnerable app in question is the Nvidia GeForce Experience (GFE), which is tasked with keeping GPU drivers updated, automatic optimisation of game settings and simplifying sharing game highlights and other content.
In order for a hacker to take advantage of the flaw, he/she needs to be physically present at the machine, given that the issues could not be remotely exploited. The hack depended on user interaction to execute the exploit.
The "risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation," according to the security advisories. "NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration."
A patch has been made available, with Nvidia urging all users to patch their GeForce, Quadro, NVS and Tesla Windows GPU display drivers as soon as possible, by applying the security patch available here. The company said that some driver versions will get the update next week.