CVE-2022-42291 HIGH

CVE-2022-42291

Vendor Nvidia

Product GeForce Experience

Weakness CWE-1386

Published February 7, 2023

Last update March 25, 2025

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.

Key dates

02Disclosure timeline

February 7, 2023 CVE published

March 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-42291 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/1386.html

Related vulnerabilities

Identifiers

CVE CVE-2022-42291

CWE CWE-1386

CVSS 8.2 / HIGH

Affected versions