CVE-2023-31014

NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5476	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:geforce_now:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

22 Sep 2023, 16:08

Type	Values Removed	Values Added
CWE		CWE-668
CPE		cpe:2.3:a:nvidia:geforce_now:::::::: cpe:2.3:o:google:android:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.8
References	~~(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5476 -~~	(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5476 - Vendor Advisory
First Time		Google android Nvidia Nvidia geforce Now Google

20 Sep 2023, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-20 02:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-31014

Mitre link : CVE-2023-31014

CVE.ORG link : CVE-2023-31014

JSON object : View

Products Affected

google

android

nvidia

geforce_now

CWE

CWE-668

Exposure of Resource to Wrong Sphere

CWE-927

Use of Implicit Intent for Sensitive Communication

{"id": "CVE-2023-31014", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.3}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.8}]}, "published": "2023-09-20T02:15:20.783", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5476", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-927"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution."}, {"lang": "es", "value": "NVIDIA GeForce Now para Android contiene una vulnerabilidad en el componente de inicio del juego, donde una aplicaci\u00f3n maliciosa en el mismo dispositivo puede procesar la intenci\u00f3n impl\u00edcita destinada al componente de transmisi\u00f3n. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una divulgaci\u00f3n limitada de informaci\u00f3n, denegaci\u00f3n de servicio y ejecuci\u00f3n de c\u00f3digo."}], "lastModified": "2023-09-22T16:08:59.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:geforce_now:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8003B3F-0468-4834-874E-46E43ACB7B8F", "versionEndIncluding": "6.04.33108832", "versionStartIncluding": "6.00.32705137"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}