CVE-2022-42291: 
NVIDIA GeForce Experience vulnerability analysis and mitigation

NVIDIA GeForce Experience contains a vulnerability (CVE-2022-42291) in the installer component, discovered and reported by Minse Kim of DNSLab, Korea University. The vulnerability was disclosed in January 2023 and affects all versions of NVIDIA GeForce Experience prior to 3.27.0.112 on Windows systems. This security issue could potentially lead to data tampering when a user installs the NVIDIA GeForce Experience software (NVIDIA Security, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H). The issue occurs in the installer component where a user may inadvertently delete data from a linked location during the installation process. It's worth noting that an attacker does not have explicit control over the exploitation of this vulnerability, as it requires the user to explicitly launch the installer from the compromised directory (NVIDIA Security).

The primary impact of this vulnerability is the potential for data tampering. When exploited, it could lead to the inadvertent deletion of data from linked locations during the installation process. The high severity rating (8.2) indicates significant potential impact, particularly regarding data integrity and availability (NVIDIA Security).

NVIDIA has released a security update to address this vulnerability. Users are advised to update to GeForce Experience version 3.27.0.112 or later. The update can be obtained through the GeForce Experience Downloads page, or users can open the client to automatically apply the security update (NVIDIA Security).