NVIDIA issued a security update for the Windows NVIDIA GeForce Experience (GFE) software to patch two vulnerabilities that could make it possible for potential local attackers to launch attacks that may lead to code execution, escalation of privileges, and denial-of-service (DoS) attacks. While the two vulnerabilities require the would-be attackers to have local user access and cannot be exploited remotely, they can still be abused by dropping malicious tools remotely. NVIDIA rated the security issues as high severity and the CVSS V3 base scores assigned by NVIDIA.
Source: https://www.bleepingcomputer.com/news/security/nvidia-fixes-high-severity-geforce-experience-vulnerabilities/