CVE-2022-42292: 
NVIDIA GeForce Experience vulnerability analysis and mitigation

NVIDIA GeForce Experience contains a vulnerability (CVE-2022-42292) in the NVContainer component that was disclosed in January 2023. The vulnerability affects all versions of GeForce Experience prior to 3.27.0.112 on Windows systems. This security issue allows users without administrator privileges to create symbolic links to files requiring elevated privileges (NVIDIA Bulletin).

The vulnerability exists in the NVContainer component of NVIDIA GeForce Experience, where unprivileged users can create symbolic links to files that require elevated privileges for writing or modification. The vulnerability has been assigned a CVSS v3.1 base score of 5.0 (AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H), indicating a medium severity level with local access required (NVIDIA Bulletin).

The exploitation of this vulnerability can lead to multiple security impacts including denial of service, escalation of privilege, and limited data tampering. The vulnerability specifically affects systems where users without administrator privileges can manipulate file permissions through symbolic links (NVIDIA Bulletin, CVE Mitre).

NVIDIA has released a security update to address this vulnerability. Users are advised to update to GeForce Experience version 3.27.0.112 or later. The update can be obtained through the GeForce Experience Downloads page or by opening the client to automatically apply the security update (NVIDIA Bulletin).