CVE-2022-31611: 
NVIDIA GeForce Experience vulnerability analysis and mitigation

CVE-2022-31611 is a security vulnerability discovered in NVIDIA GeForce Experience software affecting all client installers prior to version 3.27.0.112. The vulnerability was disclosed and patched in January 2023, specifically impacting Windows operating systems. The issue was identified by Minse Kim of DNSLab, Korea University (NVIDIA Bulletin).

The vulnerability is classified as an uncontrolled search path vulnerability (CWE-427) in the client installers. It has been assigned a CVSS v3.1 base score of 6.8 (Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H), indicating a moderate to high severity level (NVIDIA Bulletin, NVD).

The vulnerability could lead to escalation of privileges and code execution on affected systems. An attacker with user-level privileges could potentially exploit this vulnerability to gain elevated access and execute arbitrary code through the installer (NVIDIA Bulletin).

NVIDIA has released a security update to address this vulnerability in GeForce Experience version 3.27.0.112. Users are advised to download and install this software update through the GeForce Experience Downloads page or allow the client to automatically apply the security update (NVIDIA Bulletin).