Tim Harrison

Name of the Vulnerable Software and Affected Versions: Veracrypt versions prior to 1.23-Hotfix-1 Truecrypt all versions Description: The issue is related to a buffer overflow in the Veracrypt NT Driver (veracrypt.sys) component, which can lead to minor information disclosure of the kernel stack. This can be exploited through locally executed code by sending an IOCTL request to the driver. Recommendations: For Veracrypt versions prior to 1.23-Hotfix-1, update to version 1.23-Hotfix-1 to resolve the issue. For Truecrypt, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Veracrypt NT Driver (veracrypt.sys) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GeForce Experience versions prior to 3.10.0.55 **Description** The issue arises from a lack of validation of a value passed from a user to the driver in the NVISystemService64 component of the NVIDIA Installer Framework. This could potentially lead to a denial of service or possible escalation of privileges. **Recommendations** For versions prior to 3.10.0.55, update to version 3.10.0.55 or later to resolve the issue.