MidnightBSD

Advisories for nvidia

CVE-2011-0636 LOW

The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nvidia cuda_toolkit 3.2
CVE-2011-2602 HIGH

The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
nvidia geforce_310_driver 6.14.12.7061
CVE-2011-2603 HIGH

The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attackers to cause a denial of service (desktop hang) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
nvidia 9400m_driver 6.2.6
CVE-2011-4784 HIGH

The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia stereoscopic_3d_driver *
CVE-2012-0946 MEDIUM

The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia unix_driver *
CVE-2013-0109 HIGH

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia display_driver *
nvidia display_driver 310.00
CVE-2013-0110 MEDIUM

nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia driver *
nvidia driver 310.00
CVE-2013-0111 MEDIUM

daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia driver *
nvidia driver 310.00
CVE-2013-0131 HIGH

Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 310.44, and 313.x before 313.30 for the X Window System on UNIX, when NoScanout mode is enabled, allows remote authenticated users to execute arbitrary code via a large ARGB cursor.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver *
nvidia gpu_driver 195.22
nvidia gpu_driver 313.00
nvidia gpu_driver 310.00
CVE-2013-5986 HIGH

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown impact and attack vectors, a different vulnerability than CVE-2013-5987.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver 325.00
nvidia gpu_driver 304.00
nvidia gpu_driver 319.00
nvidia gpu_driver 331.00
nvidia gpu_driver 310.00
CVE-2013-5987 HIGH

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver 325.00
nvidia gpu_driver 304.00
nvidia gpu_driver 319.00
nvidia gpu_driver 331.00
apple mac_os_x 10.9.1
nvidia gpu_driver 310.00
CVE-2014-8298 HIGH

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
nvidia gpu_driver r331.00
nvidia gpu_driver r343.36
nvidia gpu_driver r304.125
nvidia gpu_driver r340.00
nvidia gpu_driver *
nvidia gpu_driver r331.112
nvidia gpu_driver r343.00
nvidia gpu_driver r346.00
nvidia gpu_driver r340.65
nvidia gpu_driver r346.22
CVE-2015-1170 HIGH

The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver_r340 *
nvidia gpu_driver_r304 *
nvidia gpu_driver_r346 *
nvidia gpu_driver_r343 *
CVE-2015-3625 HIGH

The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 before 343.36, R340 before 340.76, R337 before 337.25, R334 before 334.21, R331 before 331.113, and R304 before 304.125 allows local users with certain permissions to read or write arbitrary kernel memory via unspecified vectors that trigger an untrusted pointer dereference.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2015-5053 HIGH

The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
nvidia gpu_driver 346.47
nvidia gpu_driver 346.59
nvidia gpu_driver 346.82
nvidia gpu_driver 352.09
nvidia gpu_driver 346.22
nvidia gpu_driver 352.30
nvidia gpu_driver 346.72
nvidia gpu_driver 352.41
nvidia gpu_driver 346.16
nvidia gpu_driver 346.35
nvidia gpu_driver 352.21
CVE-2015-5950 MEDIUM

The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia display_driver 304.119
nvidia gpu_driver *
nvidia display_driver *
nvidia display_driver 304.123
nvidia display_driver 340.43
nvidia display_driver 304.121
nvidia display_driver 304.108
nvidia display_driver 352.21
nvidia display_driver 341.44
nvidia display_driver 340.52
nvidia display_driver 304.125
nvidia display_driver 353.06
nvidia display_driver 352.30
CVE-2015-7865 HIGH

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2015-7866 HIGH

Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2015-7869 MEDIUM

Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. NOTE: this identifier has been SPLIT per ADT2 and ADT3 due to different vulnerability type and affected versions. See CVE-2015-8328 for the vulnerability in the NVAPI support layer in NVIDIA drivers for Windows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 15.04
canonical ubuntu_linux 12.04
nvidia gpu_driver *
nvidia gpu_driver 346.22
CVE-2015-8328 MEDIUM

Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-7869 per ADT2 and ADT3 due to different vulnerability types and affected versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-2556 HIGH

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver_r340 *
nvidia gpu_driver_r352 *
CVE-2016-2557 HIGH

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver_r340 431.61
nvidia gpu_driver_r352 353.82
CVE-2016-2558 HIGH

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver_r340 431.61
nvidia gpu_driver_r352 353.82
CVE-2016-3161 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2016-4959 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-4960 MEDIUM

For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia geforce_experience -
CVE-2016-4961 MEDIUM

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2016-5025 MEDIUM

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-5852 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2016-6915 HIGH

Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia shield_tablet_tk1_firmware *
nvidia shield_tablet_firmware *
nvidia shield_tv_firmware *
nvidia video_driver -
CVE-2016-6916 HIGH

Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, which triggers a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia shield_tablet_tk1_firmware *
nvidia shield_tablet_firmware *
nvidia shield_tv_firmware *
nvidia video_driver -
CVE-2016-6917 HIGH

Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia shield_tablet_tk1_firmware *
nvidia shield_tablet_firmware *
nvidia shield_tv_firmware *
nvidia video_driver -
CVE-2016-7381 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-7382 HIGH

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-275,

Products Affected

Vendor Product Version
nvidia gpu_driver 340.98
nvidia gpu_driver 367.54
nvidia gpu_driver 304.131
nvidia gpu_driver 361.93.02
nvidia gpu_driver 367.44
nvidia gpu_driver 370.23
CVE-2016-7383 MEDIUM

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer (nvlddmkm.sys) handler, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-7384 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController Device IO Control handling may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-7385 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x700010d where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-7386 LOW

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-7387 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-7388 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-7389 HIGH

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver 361.91
nvidia gpu_driver 368.81
nvidia gpu_driver 304.79
nvidia gpu_driver 365.19
nvidia gpu_driver 340.52
CVE-2016-7390 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000194 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-7391 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100010b where a missing array bounds check can allow a user to write to kernel memory, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-8805 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000014 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-8806 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x5000027 where a pointer passed from an user to the driver is used without validation, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-8807 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9 where a value is passed from an user to the driver is used without validation as the size input to memcpy() causing a stack buffer overflow, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-8808 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-8809 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70001b2 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-8810 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100009a where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-8811 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2016-8812 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2016-8813 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8814 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8815 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8816 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8817 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8818 HIGH

All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8819 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-775,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8820 MEDIUM

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-200,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8821 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8822 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8823 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8824 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8825 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8826 MEDIUM

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2016-8827 MEDIUM

NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2017-0308 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0309 HIGH

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0310 MEDIUM

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0311 HIGH

NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0312 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0313 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0314 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0315 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0316 MEDIUM

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2017-0317 MEDIUM

All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0318 MEDIUM

All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0319 MEDIUM

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0320 MEDIUM

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0321 HIGH

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0322 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0323 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0324 HIGH

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0341 HIGH

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0342 HIGH

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-682,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0343 MEDIUM

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0344 HIGH

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0345 HIGH

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0346 HIGH

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0347 HIGH

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0348 HIGH

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0349 HIGH

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0350 HIGH

All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0351 HIGH

All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0352 HIGH

All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0353 MEDIUM

All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0354 MEDIUM

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0355 MEDIUM

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-0866 HIGH

An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kernel memory corruption and possible code execution. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-38415808. References: N-CVE-2017-0866.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia tegra_x1_firmware -
CVE-2017-1000251 HIGH

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_eus 7.7
linux linux_kernel *
debian debian_linux 8.0
nvidia jetson_tx1 r24
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_eus 7.5
nvidia jetson_tk1 r24
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.7
nvidia jetson_tx1 r21
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.3
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_tus 7.6
nvidia jetson_tk1 r21
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server 6.0
CVE-2017-14491 HIGH

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia geforce_experience *
arubanetworks arubaos *
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
suse linux_enterprise_point_of_sale 11
siemens ruggedcom_rm1224_firmware *
huawei honor_v9_play_firmware *
siemens scalance_s615_firmware *
suse linux_enterprise_server 12
canonical ubuntu_linux 14.04
redhat enterprise_linux_server 7.0
debian debian_linux 7.0
synology diskstation_manager 5.2
canonical ubuntu_linux 17.04
opensuse leap 42.3
synology diskstation_manager 6.0
redhat enterprise_linux_workstation 6.0
suse linux_enterprise_server 11
redhat enterprise_linux_desktop 7.0
synology diskstation_manager 6.1
debian debian_linux 9.0
nvidia linux_for_tegra *
debian debian_linux 7.1
opensuse leap 42.2
siemens scalance_m-800_firmware *
canonical ubuntu_linux 12.04
arista eos *
suse linux_enterprise_debuginfo 11
siemens scalance_w1750d_firmware *
thekelleys dnsmasq *
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
synology router_manager 1.1
redhat enterprise_linux_server 6.0
CVE-2017-5925 MEDIUM

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
amd e-350 -
intel core_i7-3632qm -
intel atom_c2750 -
intel xeon_e5-2658_v2 -
intel core_i7-4500u -
amd phenom_9550_4-core -
intel celeron_n2840 -
intel core_i7-2620qm -
samsung exynos_5800 -
nvidia tegra_k1_cd570m-a1 -
amd fx-8350_8-core -
amd fx-8320_8-core -
nvidia tegra_k1_cd580m-a1 -
intel core_i7_920 -
intel xeon_e3-1240_v5 -
allwinner a64 -
intel core_i7-6700k -
intel core_i5_m480 -
amd athlon_ii_640_x4 -
amd fx-8120_8-core -
CVE-2017-5926 MEDIUM

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
amd e-350 -
intel core_i7-3632qm -
intel atom_c2750 -
intel xeon_e5-2658_v2 -
intel core_i7-4500u -
amd phenom_9550_4-core -
intel celeron_n2840 -
intel core_i7-2620qm -
samsung exynos_5800 -
nvidia tegra_k1_cd570m-a1 -
amd fx-8350_8-core -
amd fx-8320_8-core -
nvidia tegra_k1_cd580m-a1 -
intel core_i7_920 -
intel xeon_e3-1240_v5 -
allwinner a64 -
intel core_i7-6700k -
intel core_i5_m480 -
amd athlon_ii_640_x4 -
amd fx-8120_8-core -
CVE-2017-5927 MEDIUM

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
amd e-350 -
intel core_i7-3632qm -
intel atom_c2750 -
intel xeon_e5-2658_v2 -
intel core_i7-4500u -
amd phenom_9550_4-core -
intel celeron_n2840 -
intel core_i7-2620qm -
samsung exynos_5800 -
nvidia tegra_k1_cd570m-a1 -
amd fx-8350_8-core -
amd fx-8320_8-core -
nvidia tegra_k1_cd580m-a1 -
intel core_i7_920 -
intel xeon_e3-1240_v5 -
allwinner a64 -
intel core_i7-6700k -
intel core_i5_m480 -
amd athlon_ii_640_x4 -
amd fx-8120_8-core -
CVE-2017-6250 MEDIUM

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2017-6251 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6252 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6253 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denial of service or potential escalation of privileges

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2017-6254 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validation which may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2017-6255 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2017-6256 MEDIUM

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2017-6257 HIGH

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6259 HIGH

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6260 MEDIUM

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6261 MEDIUM

NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-693,CWE-20,

Products Affected

Vendor Product Version
nvidia vibrante_linux 2.0
nvidia vibrante_linux 1.1
nvidia vibrante_linux 2.2
CVE-2017-6266 MEDIUM

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6267 MEDIUM

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,CWE-835,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6268 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6269 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6270 MEDIUM

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6271 MEDIUM

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6272 HIGH

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2017-6273 MEDIUM

NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia adsp_firmware -
CVE-2017-6277 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2017-6278 MEDIUM

NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia tegra_k1_firmware *
nvidia jetson_tx1_firmware *
nvidia jetson_tk1_firmware *
CVE-2017-6282 HIGH

NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-123,

Products Affected

Vendor Product Version
google android -
nvidia shield_tv_firmware *
CVE-2017-6283 MEDIUM

NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
google android -
nvidia shield_tv_firmware *
CVE-2017-6284 LOW

NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-326,

Products Affected

Vendor Product Version
google android -
nvidia shield_tv_firmware *
CVE-2017-6295 LOW

NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high.

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
google android -
nvidia shield_tv_firmware *
CVE-2017-6296 MEDIUM

NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
google android -
nvidia shield_tv_firmware *
CVE-2018-3639 LOW

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-203,

Products Affected

Vendor Product Version
intel xeon_e3_1225_v6 -
microsoft surface_book 2
intel xeon_e5_2648l_v4 -
intel atom_c c3758
debian debian_linux 8.0
intel xeon_e3 1558l_v5
intel xeon_e5 2680
intel xeon_e7 8880_v3
intel xeon_e3 1220_
intel xeon_e5 2658_v2
intel xeon_e3_1501m_v6 -
intel xeon_silver 4108
intel xeon_gold 86134m
intel xeon_e5 2690
siemens simatic_ipc547e_firmware *
intel xeon_gold 86146
intel xeon_e5_2418l -
intel xeon_e5_2609 -
intel xeon_e5_2630_v3 -
intel xeon_e3 1578l_v5
intel xeon_platinum 8160f
siemens simatic_ipc627c_firmware *
intel xeon_e5 2683_v3
intel xeon_e5 2699_v3
intel atom_z z3570
intel xeon_e5 2687w_v4
intel xeon_e3 1585_v5
intel pentium_j j4205
intel xeon_e5 4607
siemens simatic_ipc847d_firmware *
intel xeon_e5_2650_v4 -
intel xeon_e5_2640_v4 -
redhat enterprise_linux_eus 7.7
intel xeon_e3 l5530
intel xeon_e5_2643 -
intel xeon_e3_1280_v5 -
intel xeon_e5 4627_v3
intel xeon_e7 8870_v2
intel xeon_e3 x3450
intel xeon_e5 2687w_v2
intel xeon_e5 4660_v4
intel xeon_e5_2608l_v4 -
redhat enterprise_linux_server 7.0
intel xeon_e5_2637_v2 -
intel xeon_e5_2630_v2 -
siemens simatic_field_pg_m5_firmware *
intel xeon_e3 7500
redhat enterprise_linux_workstation 6.0
intel atom_z z3580
intel xeon_e7 4870
intel xeon_e5_1680_v4 -
intel xeon_e3_1286l_v3 -
intel xeon_e5_2448l_v2 -
intel xeon_e3_1240_v2 -
sonicwall global_management_system -
redhat enterprise_linux_server_tus 7.7
intel atom_c c3708
intel xeon_e3_1260l -
redhat enterprise_linux_eus 7.6
intel xeon_e3_1280_v3 -
intel xeon_e5_2608l_v3 -
intel xeon_e5_2430l_v2 -
intel xeon_e3_1280_v2 -
intel atom_c c3808
intel xeon_gold 86142m
intel xeon_e5 4620_v4
redhat enterprise_linux_server 6.0
mitel mivoice_border_gateway -
oracle local_service_management_system *
intel xeon_e3_1505m_v5 -
intel xeon_e5 2699_v4
intel core_i7 45nm
intel atom_c c3750
intel xeon_gold 85115
canonical ubuntu_linux 14.04
intel xeon_e3_1220_v2 -
intel xeon_e3_1235 -
intel xeon_e5_2643_v3 -
redhat enterprise_linux_server_tus 7.4
intel xeon_e5 2695_v3
intel xeon_e3 l5506
intel xeon_gold 86148
intel xeon_gold 86152
intel xeon_e3_1258l_v4 -
siemens simatic_ipc827c_firmware *
intel xeon_e7 4820_v2
redhat enterprise_linux_server_aus 6.4
siemens simatic_field_pg_m4_firmware *
intel xeon_platinum 8156
intel xeon_e3 e5503
siemens itc2200_pro_firmware *
intel xeon_e7 4880_v2
intel xeon_e7 2870
intel xeon_e5_2420_v2 -
intel xeon_silver 4116
intel xeon_e7 4807
siemens simatic_ipc477c_firmware -
intel atom_z z3740
microsoft windows_10 1703
intel xeon_e3_1105c_v2 -
intel xeon_e5_2648l_v2 -
intel xeon_e7 8893_v2
intel xeon_e5_2623_v4 -
intel atom_z z3735d
intel xeon_e3_1265l_v2 -
microsoft windows_server_2012 r2
intel xeon_e5 4628l_v4
redhat enterprise_linux_desktop 6.0
intel xeon_e3_1125c_v2 -
redhat openstack 10
intel xeon_e5_2403_v2 -
intel atom_z z2480
intel xeon_e5 4610_v2
intel xeon_e5_2650l_v2 -
intel xeon_e5_2438l_v3 -
intel xeon_e3_12201_v2 -
intel xeon_e5_2650_v2 -
intel xeon_e7 8893_v3
intel xeon_platinum 8158
intel xeon_gold 86142
intel xeon_e5 2660
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_desktop 7.0
intel xeon_e3_1270_v2 -
intel atom_z z3735e
intel xeon_e5_2428l -
intel atom_z z3735f
intel xeon_e3_1265l_v3 -
siemens sinumerik_tcu_30.3_firmware -
mitel micollab -
intel xeon_e7 4860_v2
intel xeon_e5 4667_v3
intel xeon_e5 4624l_v2
intel xeon_e3 x3430
intel xeon_e3_1220_v5 -
intel xeon_e7 8870_v3
siemens ruggedcom_ape_firmware -
intel atom_z z3795
intel atom_z z3530
intel celeron_j j3455
intel xeon_e5_2450l_v2 -
intel xeon_e7 8891_v4
intel xeon_e5_1650_v3 -
intel xeon_e7 2820
intel xeon_e3_1271_v3 -
intel xeon_e3 x3470
redhat enterprise_linux_eus 6.7
intel xeon_e5_2628l_v2 -
intel xeon_e5 4627_v2
siemens itc1500_pro_firmware *
intel xeon_e5_2603_v2 -
intel pentium_silver j5005
intel xeon_e5 4610_v4
intel xeon_e5_2470 -
siemens simatic_ipc477e_pro_firmware *
intel xeon_e3 l3406
intel xeon_e3_1230_v5 -
intel xeon_e5 2695_v4
intel xeon_e5_2450_v2 -
intel xeon_e5 4640_v2
intel xeon_gold 86138
intel xeon_e7 8850_v2
intel xeon_e7 8867_v4
intel xeon_e3 x5550
intel xeon_e5_2618l_v3 -
intel xeon_e5 4610
intel xeon_e3_1270_v3 -
intel xeon_e7 8890_v4
intel xeon_e5_2620 -
intel xeon_e5_2630l_v3 -
intel atom_c c3558
intel xeon_e5_2470_v2 -
intel xeon_e5 2687w_v3
intel xeon_e5_2640 -
intel xeon_e7 4820_v4
redhat enterprise_linux_workstation 7.0
intel xeon_e5 4620
intel xeon_gold 86138f
intel xeon_gold 86128
intel xeon_e5 4627_v4
intel xeon_e5_2430l -
intel xeon_e3 1505m_v6
intel xeon_e5_2650 -
intel xeon_e5 2695_v2
intel xeon_e5_2630_v4 -
intel xeon_e7 8860_v3
intel pentium_silver n5000
intel xeon_e5 4620_v3
intel xeon_e5_2450l -
intel xeon_e3 l3426
intel xeon_e7 4820_v3
redhat enterprise_linux_server_aus 6.5
intel xeon_e7 4850
redhat enterprise_linux_server_aus 6.6
intel xeon_e7 4860
mitel mivoice_business -
intel xeon_e5 4655_v3
arm cortex-a 72
mitel micloud_management_portal *
microsoft windows_8.1 -
redhat enterprise_linux_eus 7.5
intel xeon_e3 1585l_v5
siemens itc1500_firmware *
intel xeon_e3_1240_v3 -
intel xeon_e7 8890_v3
intel xeon_e5 4640_v3
siemens simatic_ipc427d_firmware *
siemens simatic_ipc3000_smart_firmware *
intel xeon_e5_2630l -
intel xeon_platinum 8153
intel atom_c c3955
intel xeon_e7 8870_v4
intel xeon_e3_1240_v5 -
intel atom_z z3736f
intel xeon_e3_1270_v6 -
intel xeon_e5_2628l_v4 -
canonical ubuntu_linux 17.10
intel xeon_e3 e5506
microsoft windows_server_2008 sp2
intel xeon_e5 2658_v4
microsoft surface_pro 1796
intel xeon_e5_2650l -
intel xeon_e5_2603_v3 -
siemens itc2200_firmware *
intel xeon_e5 4669_v3
sonicwall cloud_global_management_system -
arm cortex-a 57
intel xeon_gold 86126
intel xeon_e5 4667_v4
intel xeon_e3_1285_v6 -
microsoft windows_server_2016 -
intel xeon_gold 86140
intel xeon_e7 8860
intel xeon_gold 86154
intel xeon_e3 e5540
redhat enterprise_linux_server_aus 7.3
intel xeon_e5_2620_v2 -
intel core_i5 32nm
intel xeon_e3_1276_v3 -
intel atom_z z3560
intel xeon_e3_1225_v5 -
intel xeon_e3 x3440
intel xeon_e5_2420 -
intel atom_z z3745d
intel xeon_gold 85120
intel xeon_e7 4850_v4
intel xeon_e5_2630l_v2 -
intel core_i5 45nm
intel xeon_e7 8894_v4
intel xeon_e5_2630 -
intel xeon_e3 l3403
intel atom_e e3827
intel xeon_e7 8880_v4
microsoft windows_server_2008 r2
intel xeon_e3_1285l_v3 -
intel xeon_e5_2643_v4 -
intel celeron_n n3450
intel core_i7 32nm
intel xeon_e5_1660_v4 -
intel xeon_e7 2860
intel xeon_gold 86144
intel atom_e e3845
intel pentium n4200
intel xeon_e5_2648l -
intel xeon_e5_2430_v2 -
redhat enterprise_linux_eus 7.3
intel xeon_e3_1220_v6 -
intel celeron_j j4105
intel xeon_e7 8880_v2
intel xeon_e5_1660 -
intel xeon_e5_2609_v3 -
intel xeon_silver 4112
redhat enterprise_linux_server_aus 7.7
arm cortex-a 15
intel xeon_e5 2658_v3
intel xeon_e5 2699a_v4
intel xeon_e3_1225_v2 -
intel xeon_e3_1275_v6 -
intel xeon_e3 1535m_v6
microsoft windows_7 -
intel atom_z z3775
intel xeon_e7 4809_v2
intel xeon_e3_1235l_v5 -
intel xeon_e3_1230_v6 -
intel xeon_e3_1275l_v3 -
intel xeon_e3 x5560
intel xeon_platinum 8180
mitel mivoic_mx-one -
intel xeon_silver 4110
intel xeon_e5 4610_v3
intel xeon_e5 2698_v3
intel atom_e e3805
intel xeon_e3_1275_v2 -
intel xeon_e5_2630l_v4 -
intel xeon_e5 4620_v2
intel core_m 32nm
intel xeon_e3_1501l_v6 -
intel xeon_e5 2658a_v3
intel atom_c c3308
intel xeon_e5_2620_v4 -
intel atom_c c3850
intel xeon_e3_1240_v6 -
intel xeon_e3_1230_v3 -
intel xeon_e7 4830_v2
intel core_m 45nm
intel xeon_e-1105c -
intel xeon_gold 5115
intel xeon_e7 8850
intel xeon_platinum 8176m
intel xeon_e3_1245_v5 -
intel xeon_e3_1241_v3 -
intel xeon_e5_2650l_v3 -
intel atom_z z3770
intel xeon_e3 l5508_
redhat enterprise_linux_server_tus 6.6
intel xeon_e3_1505l_v5 -
intel xeon_e5 2697_v2
microsoft surface_book -
intel xeon_e7 2850_v2
intel xeon_e5_1428l_v2 -
intel xeon_e7 8860_v4
siemens simatic_ipc547g_firmware *
intel xeon_e5_2430 -
intel xeon_e3 e5520
intel xeon_e3_1220_v3 -
intel xeon_e7 8867_v3
intel atom_z z3460
intel xeon_gold 86126f
intel xeon_e5 2670_v2
redhat openstack 12
redhat enterprise_linux_server_tus 7.6
intel atom_c c2308
redhat virtualization_manager 4.2
microsoft windows_10 1809
intel xeon_e3 1545m_v5
intel xeon_gold 85122
siemens itc1900_pro_firmware *
intel atom_c c3508
intel xeon_e3_1245_v2 -
intel xeon_e3_1280 -
intel xeon_platinum 8160
intel xeon_gold 86136
intel xeon_e5_2407 -
siemens sinema_remote_connect_firmware -
intel xeon_e3_1246_v3 -
intel xeon_e5 4650l
intel xeon_e5_2609_v4 -
intel xeon_e7 4890_v2
intel xeon_e7 4870_v2
intel xeon_e7 4830_v3
intel atom_c c3958
intel atom_c c3858
mitel mivoice_connect -
siemens simatic_ipc647d_firmware *
intel xeon_e5_2643_v2 -
microsoft surface_studio -
siemens simatic_ipc647c_firmware *
intel xeon_e7 8837
intel atom_z z3740d
intel xeon_gold 86130
intel xeon_e3_1230_v2 -
intel xeon_e3_1225 -
intel pentium n4000
intel xeon_gold 86150
intel xeon_e5 2658
intel atom_z z2580
intel xeon_e5_2618l_v2 -
intel xeon_gold 86148f
intel xeon_e3_1290 -
intel xeon_gold 86132
intel xeon_gold 85118
siemens simatic_ipc427c_firmware -
redhat openstack 8
intel xeon_e3 l5518_
intel xeon_gold 85120t
intel atom_z z2520
intel xeon_e3_1285_v3 -
intel xeon_e5 4650_v4
intel xeon_e3 x5570
intel xeon_e3 e6550
intel xeon_e5_2640_v2 -
siemens simatic_ipc347e_firmware *
intel xeon_e5_2603_v4 -
intel xeon_e5 2667_v2
microsoft windows_10 1803
intel atom_x5-e3930 -
siemens simatic_ipc477d_firmware *
intel xeon_e5_2403 -
intel xeon_e3 e6510
intel xeon_gold 86134
siemens simatic_ipc627d_firmware *
intel xeon_e5 2660_v4
intel pentium n4100
microsoft windows_10 1709
intel xeon_e5 2650l_v4
redhat enterprise_linux_eus 7.4
intel xeon_e5 2690_v4
intel xeon_platinum 8160t
intel xeon_platinum 8176f
intel atom_c c3538
microsoft windows_server_2016 1803
intel xeon_e5 4669_v4
intel xeon_e5 2687w
intel xeon_e5_2448l -
intel xeon_platinum 8164
intel xeon_e5 4650
intel xeon_e3_1275_v3 -
intel xeon_e3_1285l_v4 -
intel xeon_e3_1270 -
intel xeon_e7 8891_v2
intel xeon_e7 8857_v2
intel xeon_e3_1286_v3 -
microsoft windows_server_2016 1709
intel xeon_e5_2408l_v3 -
intel xeon_e5_2640_v3 -
intel xeon_e3 e5502
intel xeon_e5 2680_v2
sonicwall secure_mobile_access -
intel xeon_e5_2637 -
intel xeon_e5_1428l_v3 -
intel xeon_e5 4603
redhat openstack 13
intel xeon_e3_1275_v5 -
intel xeon_e5 2670_v3
intel xeon_e3_1225_v3 -
siemens simotion_p320-4e_firmware *
intel xeon_e7 8891_v3
microsoft windows_server_2012 -
intel xeon_gold 86126t
canonical ubuntu_linux 12.04
intel xeon_e3 5600
intel xeon_e5 2690_v3
intel xeon_e5 2667_v3
intel xeon_e5 2667_v4
siemens simatic_s7-1500_firmware *
intel xeon_e5_2609_v2 -
intel xeon_gold 85119t
intel xeon_e7 4830_v4
intel xeon_e7 4850_v2
intel xeon_e7 2803
siemens simatic_ipc677d_firmware *
intel xeon_e3_1245_v6 -
intel xeon_e3_1281_v3 -
intel xeon_e3 1535m_v5
intel xeon_e5 2667
intel xeon_e5 2697_v3
intel xeon_e5 2690_v2
intel xeon_e3_1231_v3 -
intel xeon_e5 4603_v2
intel xeon_e3 125c_
intel xeon_e5 4617
intel xeon_e3 e5530
intel atom_c c3950
intel xeon_e3 3600
siemens simatic_ipc427e_firmware *
intel xeon_e3 l5520
microsoft windows_10 1607
redhat enterprise_linux_server_tus 7.2
intel xeon_e3_1240l_v3 -
intel xeon_e7 8870
intel atom_z z2420
intel xeon_e5_2637_v3 -
intel xeon_e5_1630_v3 -
intel xeon_e7 4809_v3
intel xeon_e5 2680_v3
intel xeon_e5 4648_v3
intel xeon_e5 2665
intel xeon_e7 4820
intel xeon_e5_2603 -
intel xeon_e5_2628l_v3 -
intel xeon_e5_1620_v3 -
sonicwall web_application_firewall -
intel xeon_e7 4850_v3
intel xeon_e7 8880l_v3
intel xeon_e5_2623_v3 -
intel xeon_silver 4109t
intel xeon_e3_1290_v2 -
intel xeon_silver 4114
intel xeon_e3_1280_v6 -
canonical ubuntu_linux 18.04
intel xeon_e7 2850
intel xeon_platinum 8170
nvidia jetson_tx1 *
siemens simatic_itp1000_firmware *
intel xeon_e3_1268l_v5 -
redhat openstack 7.0
intel atom_z z3480
microsoft surface_pro 4
intel xeon_e3 1565l_v5
redhat enterprise_linux_server_aus 7.2
redhat virtualization 4.0
intel xeon_e5 2660_v3
intel xeon_e5_2620_v3 -
intel xeon_e7 2830
intel core_i3 45nm
intel xeon_e5 4640
intel xeon_e5_2648l_v3 -
intel xeon_e5_1620 -
intel xeon_e5_2637_v4 -
intel xeon_e3 x3460
intel xeon_e3_1240 -
intel xeon_e5_2440 -
intel xeon_e3_12201 -
intel xeon_e5_2407_v2 -
intel xeon_e3 x3480
intel xeon_e5_1650 -
intel xeon_e3 e5504
siemens sinumerik_840_d_sl_firmware -
intel xeon_e3 1575m_v5
intel xeon_e3 e5507
intel xeon_e5 4650_v3
intel xeon_e5 4657l_v2
intel xeon_e5_1680_v3 -
intel xeon_e3 1275_
intel xeon_gold 86130f
intel xeon_silver 4114t
intel xeon_gold 86130t
intel xeon_e5 2660_v2
intel xeon_e7 4809_v4
intel xeon_e3 w5580
intel xeon_e7 2880_v2
intel xeon_e3_1226_v3 -
intel xeon_e5_2428l_v2 -
intel xeon_e3 e6540
intel atom_z z3745
intel xeon_e5 2683_v4
debian debian_linux 9.0
intel xeon_e3_1285_v4 -
siemens simatic_ipc827d_firmware *
intel xeon_e5 4650_v2
intel atom_e e3826
siemens simatic_ipc847c_firmware *
intel xeon_e3_1245 -
sonicwall sonicosv -
intel atom_z z3736g
intel core_i3 32nm
sonicwall email_security -
microsoft windows_10 -
intel xeon_e5 4655_v4
redhat openstack 9
intel xeon_e5_1630_v4 -
microsoft surface_pro_with_lte_advanced 1807
intel xeon_e7 4830
intel atom_z z3735g
intel xeon_e3_1260l_v5 -
siemens simatic_ipc677c_firmware *
intel xeon_silver 4116t
mitel open_integration_gateway -
intel xeon_e3 1515m_v5
siemens sinumerik_pcu_50.5_firmware *
redhat virtualization_manager 4.3
intel xeon_e5 2699r_v4
redhat enterprise_linux_server_aus 7.4
intel xeon_e5_1428l -
intel xeon_e5_2440_v2 -
intel xeon_e5_2418l_v3 -
schneider-electric struxureware_data_center_expert *
intel xeon_e5 2670
intel xeon_platinum 8170m
intel atom_e e3815
intel xeon_e5_2428l_v3 -
intel xeon_e7 2890_v2
intel xeon_e5 2680_v4
intel xeon_e3_1505l_v6 -
intel atom_z z3770d
redhat mrg_realtime 2.0
intel xeon_e3_1220l_v3 -
intel xeon_e5_2418l_v2 -
intel xeon_platinum 8160m
siemens simatic_ipc477e_firmware *
intel atom_z z3775d
intel xeon_e7 2870_v2
intel xeon_platinum 8168
intel xeon_gold 86140m
siemens simatic_et_200_sp_firmware *
intel xeon_e3_1278l_v4 -
intel atom_z z3785
intel xeon_e3_1245_v3 -
intel xeon_e7 8867l
oracle solaris 11
intel atom_x5-e3940 -
intel xeon_e5_1620_v2 -
intel xeon_e3_1265l_v4 -
intel atom_x7-e3950 -
microsoft surface_pro 3
intel celeron_j j4005
siemens itc1900_firmware *
intel xeon_e5 2698_v4
intel xeon_e5 4660_v3
redhat enterprise_linux_server_tus 7.3
intel xeon_e5_1660_v2 -
intel xeon_e7 8893_v4
intel xeon_gold 86138t
intel xeon_e3_1240l_v5 -
intel atom_c c3830
intel xeon_e5_2650_v3 -
intel xeon_e7 8830
intel xeon_gold 86142f
intel xeon_e5 2697_v4
intel xeon_e5_1650_v4 -
intel xeon_e5 2697a_v4
microsoft surface -
intel xeon_e5_1620_v4 -
intel xeon_e5 4640_v4
intel xeon_e5_1650_v2 -
intel xeon_e3_1230l_v3 -
intel xeon_e5 4607_v2
intel xeon_e5_2450 -
intel atom_z z2460
intel xeon_platinum 8176
nvidia jetson_tx2 *
intel atom_e e3825
intel atom_z z2560
intel atom_z z3590
intel xeon_e3_1268l_v3 -
intel xeon_e3_1270_v5 -
intel atom_z z2760
intel xeon_e3 w5590
intel xeon_e3_1230 -
intel xeon_e7 8880l_v2
intel xeon_e7 8890_v2
canonical ubuntu_linux 16.04
intel xeon_e5_2618l_v4 -
intel atom_c c3338
intel xeon_e5_1660_v3 -
mitel mivoice_5000 -
CVE-2018-3979 MEDIUM

A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
nvidia quadro_k2200_firmware -
nvidia quadro_m1000m_firmware -
nvidia quadro_m1200m_firmware -
nvidia geforce_gtx_745_firmware -
nvidia geforce_gtx_860m_firmware -
nvidia geforce_gtx_850m_firmware -
nvidia geforce_gtx_950m_firmware -
nvidia geforce_gtx_960m_firmware -
nvidia quadro_k620_firmware -
nvidia grid_m40_firmware -
canonical ubuntu_linux 18.04
nvidia geforce_gtx_750_firmware -
nvidia geforce_gtx_750_ti_firmware -
nvidia grid_m30_firmware -
nvidia quadro_k1200_firmware -
nvidia geforce_gtx_840m_firmware -
nvidia geforce_gtx_845m_firmware -
CVE-2018-6239 LOW

NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to R28.3.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nvidia jetson_tx2 *
CVE-2018-6242 HIGH

Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia tegra_bootrom_rcm -
CVE-2018-6247 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2018-6248 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2018-6249 HIGH

NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2018-6250 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of service or possible escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2018-6251 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of service or potential code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2018-6252 MEDIUM

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2018-6253 MEDIUM

NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2018-6257 MEDIUM

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2018-6258 LOW

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2018-6259 LOW

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2018-6260 LOW

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2018-6261 MEDIUM

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2018-6262 LOW

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2018-6263 MEDIUM

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2018-6265 MEDIUM

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2018-6266 LOW

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2018-6269 MEDIUM

NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
nvidia jetson_tx2 *
CVE-2019-15788 HIGH

Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia clara_genomics_analysis *
CVE-2019-5665 HIGH

NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2019-5666 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2019-5667 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2019-5668 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2019-5669 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer, which may lead to denial of service or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2019-5670 HIGH

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service, escalation of privileges, code execution or information disclosure.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2019-5671 MEDIUM

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
nvidia gpu_driver -
CVE-2019-5672 MEDIUM

NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-320,

Products Affected

Vendor Product Version
nvidia jetson_tx2 *
nvidia jetson_tx1 *
CVE-2019-5673 LOW

NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service.

CVSS 2.0

Severity: LOW

Problem Type: CWE-754,

Products Affected

Vendor Product Version
nvidia jetson_tx2 *
CVE-2019-5674 MEDIUM

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2019-5675 HIGH

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-662,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5676 HIGH

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,

Products Affected

Vendor Product Version
nvidia geforce_experience *
nvidia gpu_display_driver *
CVE-2019-5677 MEDIUM

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5678 MEDIUM

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2019-5679 HIGH

NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2019-5680 MEDIUM

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia jetson_tx1_firmware *
CVE-2019-5681 HIGH

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2019-5682 HIGH

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2019-5683 HIGH

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5684 HIGH

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5685 HIGH

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5686 MEDIUM

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5687 LOW

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5688 HIGH

NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia nvuflash *
nvidia gpumodeswitch *
nvidia nvflash *
CVE-2019-5689 MEDIUM

NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2019-5690 HIGH

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5691 HIGH

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5692 HIGH

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5693 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5694 MEDIUM

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2019-5695 MEDIUM

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
nvidia geforce_experience *
nvidia gpu_driver *
CVE-2019-5696 LOW

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-131,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2019-5697 LOW

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2019-5698 LOW

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-129,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2019-5699 HIGH

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2019-5700 HIGH

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2019-5701 MEDIUM

NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2019-5702 MEDIUM

NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2020-5957 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
nvidia tesla_firmware *
nvidia quadro_firmware *
CVE-2020-5958 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
nvidia tesla_firmware *
nvidia quadro_firmware *
CVE-2020-5959 LOW

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-129,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5960 LOW

NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager -
CVE-2020-5961 LOW

NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-459,

Products Affected

Vendor Product Version
nvidia virtual_gpu_graphics_driver -
CVE-2020-5962 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia nvs_firmware *
nvidia tesla_firmware *
nvidia geforce_firmware *
nvidia quadro_firmware *
CVE-2020-5963 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 20.04
nvidia nvs_firmware *
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
nvidia tesla_firmware *
nvidia geforce_firmware *
nvidia quadro_firmware *
CVE-2020-5964 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
nvidia geforce_experience *
nvidia nvs_firmware *
nvidia tesla_firmware *
nvidia geforce_firmware *
nvidia quadro_firmware *
CVE-2020-5965 LOW

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
nvidia nvs_firmware *
nvidia tesla_firmware *
nvidia geforce_firmware *
nvidia quadro_firmware *
CVE-2020-5966 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2020-5967 LOW

NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
canonical ubuntu_linux 20.04
nvidia nvs_firmware *
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
nvidia tesla_firmware *
nvidia geforce_firmware *
nvidia quadro_firmware *
CVE-2020-5968 MEDIUM

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5969 LOW

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 1.0 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5970 LOW

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5971 MEDIUM

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5972 LOW

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-763,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5973 LOW

NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 20.04
nvidia virtual_gpu *
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
CVE-2020-5974 MEDIUM

NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
nvidia jetpack_software_development_kit 4.2
nvidia jetpack_software_development_kit 4.3
CVE-2020-5975 MEDIUM

NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
nvidia geforce_now *
CVE-2020-5976 MEDIUM

NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia games *
nvidia geforce_now *
CVE-2020-5977 MEDIUM

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2020-5978 MEDIUM

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2020-5979 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5980 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5981 MEDIUM

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5982 LOW

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-770,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5983 LOW

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
nvidia virtual_gpu_manager 11.0
CVE-2020-5984 MEDIUM

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
nvidia virtual_gpu_manager 11.0
CVE-2020-5985 LOW

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
nvidia virtual_gpu_manager 11.0
CVE-2020-5986 LOW

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
nvidia virtual_gpu_manager 11.0
CVE-2020-5987 MEDIUM

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-459,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
nvidia virtual_gpu_manager 11.0
CVE-2020-5988 LOW

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-415,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
nvidia virtual_gpu_manager 11.0
CVE-2020-5989 LOW

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2020-5990 MEDIUM

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2020-5991 MEDIUM

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2020-5992 MEDIUM

NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
nvidia geforce_now *
CVE-2021-1051 MEDIUM

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a local user can get elevated privileges to modify display configuration data, which may result in denial of service of the display.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 2.0 5.8
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 2.0 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2021-1052 HIGH

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2021-1053 LOW

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2021-1054 LOW

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2021-1055 MEDIUM

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia gpu_driver *
CVE-2021-1056 LOW

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,

Products Affected

Vendor Product Version
nvidia gpu_driver *
debian debian_linux 9.0
CVE-2021-1057 MEDIUM

NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1058 LOW

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-1284,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1059 MEDIUM

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1060 LOW

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1061 LOW

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 1.0 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1062 LOW

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-1284,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1063 MEDIUM

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1064 LOW

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1065 LOW

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1066 LOW

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1067 MEDIUM

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2021-1068 MEDIUM

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2021-1069 LOW

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia shield_experience *
nvidia linux_for_tegra *
CVE-2021-1070 LOW

NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia linux_for_tegra *
CVE-2021-1071 LOW

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
psirt@nvidia.com 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia linux_for_tegra *
CVE-2021-1072 LOW

NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H 0.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2021-1073 MEDIUM

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of the user login session, leading to the possibility that the user’s account is compromised. This may lead to the targeted user’s data being accessed, altered, or lost.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0
psirt@nvidia.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2021-1074 MEDIUM

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1075 MEDIUM

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges. Attacker does not have any control over the information and may conduct limited data modification.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H 2.0 4.7
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H 2.0 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1076 MEDIUM

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
debian debian_linux 9.0
CVE-2021-1077 LOW

NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1078 MEDIUM

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1079 LOW

NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2021-1080 MEDIUM

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1081 MEDIUM

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1284,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1082 MEDIUM

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1284,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1083 MEDIUM

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1284,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1084 MEDIUM

NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1085 MEDIUM

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and information disclosure but attacker doesn't have control over what information is obtained. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 1.8 5.5
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 1.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1086 LOW

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1087 LOW

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia virtual_gpu_manager *
CVE-2021-1088 LOW

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
psirt@nvidia.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia dgx-1_p100 -
nvidia drive_constellation -
nvidia quadro_m1000m -
nvidia jetson_tx1 -
nvidia geforce_gtx_645 -
nvidia geforce_gt_625 -
nvidia jetson_nano -
nvidia geforce_gt_710 -
nvidia quadro_p4200 -
nvidia geforce_gtx_660_ti -
nvidia geforce_gtx_680 -
nvidia geforce_rtx_2060_super -
nvidia quadro_rtx_4000 -
nvidia geforce_gtx_670 -
nvidia geforce_gtx_950 -
nvidia nvidia_t1000 -
nvidia geforce_gtx_1060 -
nvidia tesla_m40 -
nvidia quadro_m5000m -
nvidia geforce_gt_620 -
nvidia quadro_p520 -
nvidia geforce_gtx_780 -
nvidia geforce_gtx_745 -
nvidia geforce_gtx_760_ti -
nvidia quadro_t2000 -
nvidia jetson_tx2_nx -
nvidia gtx_titan_black -
nvidia quadro_p3200 -
nvidia geforce_gtx_980 -
nvidia geforce_gtx_1660_super -
nvidia jetson_tx2_4gb -
nvidia quadro_t600 -
nvidia tesla_v100 -
nvidia jetson_tx2 -
nvidia dgx_station_a100 -
nvidia nvidia_hgx-2 -
nvidia geforce_gtx_titan_x -
nvidia quadro_p4000 -
nvidia quadro_m2000 -
nvidia quadro_t1000 -
nvidia quadro_m1200 -
nvidia geforce_gt_730 -
nvidia tesla_p100 -
nvidia quadro_p3000 -
nvidia jetson_agx_xavier_32gb -
nvidia quadro_rtx_8000 -
nvidia geforce_gtx_750 -
nvidia geforce_gtx_750_ti -
nvidia jetson_tx2i -
nvidia quadro_m4000m -
nvidia nvidia_t4 -
nvidia tesla_p4 -
nvidia titan_x -
nvidia tesla_m10 -
nvidia tesla_m4 -
nvidia geforce_rtx_2080 -
nvidia geforce_gtx_760 -
nvidia nvidia_t600 -
nvidia quadro_p6000 -
nvidia geforce_gtx_1070_ti -
nvidia geforce_rtx_2080_ti -
nvidia geforce_gt_630 -
nvidia geforce_gt_640 -
nvidia quadro_p2200 -
nvidia geforce_gt_705 -
nvidia quadro_m2000m -
nvidia quadro_m5500 -
nvidia quadro_m6000 -
nvidia geforce_gtx_1080_ti -
nvidia gtx_titan_z -
nvidia gtx_titan -
nvidia geforce_gtx_1080 -
nvidia titan_xp -
nvidia dgx-2 -
nvidia geforce_gt_605 -
nvidia quadro_m620 -
nvidia quadro_t400 -
nvidia quadro_p5200 -
nvidia quadro_m3000m -
nvidia quadro_m520 -
nvidia jetson_agx_xavier_16gb -
nvidia geforce_gtx_970 -
nvidia quadro_p2000 -
nvidia geforce_gtx_780_ti -
nvidia geforce_gtx_650 -
nvidia tesla_p40 -
nvidia shield_tv_pro -
nvidia quadro_m500m -
nvidia quadro_m2200 -
nvidia quadro_p500 -
nvidia geforce_gt_635 -
nvidia dgx-1_v100 -
nvidia geforce_gtx_770 -
nvidia geforce_gtx_1660_ti -
nvidia tesla_m6 -
nvidia geforce_gt_610 -
nvidia tesla_m60 -
nvidia titan_rtx -
nvidia geforce_rtx_2070 -
nvidia geforce_gtx_1050 -
nvidia geforce_gtx_650_ti -
nvidia shield_tv -
nvidia quadro_rtx_3000 -
nvidia quadro_rtx_5000 -
nvidia nvidia_t2000 -
nvidia geforce_gtx_1650_super -
nvidia titan_v -
nvidia jetson_agx_xavier_8gb -
nvidia geforce_gt_720 -
nvidia tesla_p6 -
nvidia quadro_gv100 -
nvidia quadro_p400 -
nvidia quadro_p620 -
nvidia quadro_m4000 -
nvidia geforce_rtx_2080_super -
nvidia jetson_xavier_nx -
nvidia quadro_p5000 -
nvidia geforce_gtx_1650 -
nvidia geforce_rtx_2060 -
nvidia tesla_v100s -
nvidia geforce_gtx_650_ti_boost -
nvidia geforce_gtx_690 -
nvidia geforce_rtx_2070_super -
nvidia geforce_gtx_1660 -
nvidia geforce_gtx_960 -
nvidia quadro_p1000 -
nvidia quadro_m600m -
nvidia geforce_gtx_1050_ti -
nvidia geforce_gtx_660 -
nvidia quadro_rtx_6000 -
nvidia quadro_p600 -
nvidia quadro_m5000 -
nvidia geforce_gtx_1070 -
nvidia geforce_gt_740 -
nvidia nvidia_t400 -
CVE-2021-1089 MEDIUM

NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1090 LOW

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-120,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1091 LOW

NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1092 LOW

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1093 MEDIUM

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
debian debian_linux 9.0
CVE-2021-1094 LOW

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 1.8 4.2
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
debian debian_linux 9.0
CVE-2021-1095 LOW

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
debian debian_linux 9.0
CVE-2021-1096 MEDIUM

NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1097 MEDIUM

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. This flaw allows a malicious guest to send a length field that is inconsistent with the actual length of the input, which may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1098 MEDIUM

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. This flaw allows a malicious guest to perform operations by reusing those resources, which may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1099 MEDIUM

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1100 LOW

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1101 LOW

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1102 LOW

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can lead to floating point exceptions, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-755,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1103 LOW

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1105 LOW

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia dgx-1_p100 -
nvidia drive_constellation -
nvidia quadro_m1000m -
nvidia jetson_tx1 -
nvidia geforce_gtx_645 -
nvidia geforce_gt_625 -
nvidia jetson_nano -
nvidia geforce_gt_710 -
nvidia quadro_p4200 -
nvidia geforce_gtx_660_ti -
nvidia geforce_gtx_680 -
nvidia geforce_rtx_2060_super -
nvidia quadro_rtx_4000 -
nvidia geforce_gtx_670 -
nvidia geforce_gtx_950 -
nvidia nvidia_t1000 -
nvidia geforce_gtx_1060 -
nvidia tesla_m40 -
nvidia quadro_m5000m -
nvidia geforce_gt_620 -
nvidia quadro_p520 -
nvidia geforce_gtx_780 -
nvidia geforce_gtx_745 -
nvidia geforce_gtx_760_ti -
nvidia quadro_t2000 -
nvidia jetson_tx2_nx -
nvidia gtx_titan_black -
nvidia quadro_p3200 -
nvidia geforce_gtx_980 -
nvidia geforce_gtx_1660_super -
nvidia jetson_tx2_4gb -
nvidia quadro_t600 -
nvidia tesla_v100 -
nvidia jetson_tx2 -
nvidia dgx_station_a100 -
nvidia nvidia_hgx-2 -
nvidia geforce_gtx_titan_x -
nvidia quadro_p4000 -
nvidia quadro_m2000 -
nvidia quadro_t1000 -
nvidia quadro_m1200 -
nvidia geforce_gt_730 -
nvidia tesla_p100 -
nvidia quadro_p3000 -
nvidia jetson_agx_xavier_32gb -
nvidia quadro_rtx_8000 -
nvidia geforce_gtx_750 -
nvidia geforce_gtx_750_ti -
nvidia jetson_tx2i -
nvidia quadro_m4000m -
nvidia nvidia_t4 -
nvidia tesla_p4 -
nvidia titan_x -
nvidia tesla_m10 -
nvidia tesla_m4 -
nvidia geforce_rtx_2080 -
nvidia geforce_gtx_760 -
nvidia nvidia_t600 -
nvidia quadro_p6000 -
nvidia geforce_gtx_1070_ti -
nvidia geforce_rtx_2080_ti -
nvidia geforce_gt_630 -
nvidia geforce_gt_640 -
nvidia quadro_p2200 -
nvidia geforce_gt_705 -
nvidia quadro_m2000m -
nvidia quadro_m5500 -
nvidia quadro_m6000 -
nvidia geforce_gtx_1080_ti -
nvidia gtx_titan_z -
nvidia gtx_titan -
nvidia geforce_gtx_1080 -
nvidia titan_xp -
nvidia dgx-2 -
nvidia geforce_gt_605 -
nvidia quadro_m620 -
nvidia quadro_t400 -
nvidia quadro_p5200 -
nvidia quadro_m3000m -
nvidia quadro_m520 -
nvidia jetson_agx_xavier_16gb -
nvidia geforce_gtx_970 -
nvidia quadro_p2000 -
nvidia geforce_gtx_780_ti -
nvidia geforce_gtx_650 -
nvidia tesla_p40 -
nvidia shield_tv_pro -
nvidia quadro_m500m -
nvidia quadro_m2200 -
nvidia quadro_p500 -
nvidia geforce_gt_635 -
nvidia dgx-1_v100 -
nvidia geforce_gtx_770 -
nvidia geforce_gtx_1660_ti -
nvidia tesla_m6 -
nvidia geforce_gt_610 -
nvidia tesla_m60 -
nvidia titan_rtx -
nvidia geforce_rtx_2070 -
nvidia geforce_gtx_1050 -
nvidia geforce_gtx_650_ti -
nvidia shield_tv -
nvidia quadro_rtx_3000 -
nvidia quadro_rtx_5000 -
nvidia nvidia_t2000 -
nvidia geforce_gtx_1650_super -
nvidia titan_v -
nvidia jetson_agx_xavier_8gb -
nvidia geforce_gt_720 -
nvidia tesla_p6 -
nvidia quadro_gv100 -
nvidia quadro_p400 -
nvidia quadro_p620 -
nvidia quadro_m4000 -
nvidia geforce_rtx_2080_super -
nvidia jetson_xavier_nx -
nvidia quadro_p5000 -
nvidia geforce_gtx_1650 -
nvidia geforce_rtx_2060 -
nvidia tesla_v100s -
nvidia geforce_gtx_650_ti_boost -
nvidia geforce_gtx_690 -
nvidia geforce_rtx_2070_super -
nvidia geforce_gtx_1660 -
nvidia geforce_gtx_960 -
nvidia quadro_p1000 -
nvidia quadro_m600m -
nvidia geforce_gtx_1050_ti -
nvidia geforce_gtx_660 -
nvidia quadro_rtx_6000 -
nvidia quadro_p600 -
nvidia quadro_m5000 -
nvidia geforce_gtx_1070 -
nvidia geforce_gt_740 -
nvidia nvidia_t400 -
CVE-2021-1106 MEDIUM

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia shield_experience *
nvidia jetson_linux *
CVE-2021-1107 MEDIUM

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia shield_experience *
nvidia jetson_linux *
CVE-2021-1108 MEDIUM

NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 1.8 5.5
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 1.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
nvidia shield_experience *
nvidia jetson_linux *
CVE-2021-1109 LOW

NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H 0.8 5.8
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-1110 MEDIUM

NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-1111 MEDIUM

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H 0.9 5.3
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H 0.9 5.3

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-125,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-1112 MEDIUM

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-1113 MEDIUM

NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H 0.5 4.2
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H 0.5 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-1114 MEDIUM

NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-1115 LOW

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1116 LOW

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1117 LOW

Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-129,CWE-129,

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2021-1118 MEDIUM

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-250,CWE-269,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1119 LOW

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-415,CWE-415,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1120 MEDIUM

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-170,NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1121 LOW

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1122 LOW

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1123 LOW

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2021-1125 MEDIUM

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N 0.5 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia dgx-1_p100 -
nvidia quadro_m1000m -
nvidia jetson_tx1 -
nvidia geforce_gtx_645 -
nvidia geforce_gt_625 -
nvidia jetson_nano -
nvidia geforce_gt_710 -
nvidia quadro_p4200 -
nvidia geforce_gtx_660_ti -
nvidia geforce_gtx_680 -
nvidia geforce_gtx_670 -
nvidia geforce_gtx_950 -
nvidia geforce_gtx_1060 -
nvidia tesla_m40 -
nvidia quadro_m5000m -
nvidia geforce_gt_620 -
nvidia quadro_p520 -
nvidia geforce_gtx_780 -
nvidia geforce_gtx_745 -
nvidia geforce_gtx_760_ti -
nvidia jetson_tx2_nx -
nvidia gtx_titan_black -
nvidia quadro_p3200 -
nvidia geforce_gtx_980 -
nvidia jetson_tx2_4gb -
nvidia tesla_v100 -
nvidia jetson_tx2 -
nvidia dgx_station_a100 -
nvidia nvidia_hgx-2 -
nvidia geforce_gtx_titan_x -
nvidia quadro_p4000 -
nvidia quadro_m2000 -
nvidia quadro_m1200 -
nvidia geforce_gt_730 -
nvidia tesla_p100 -
nvidia quadro_p3000 -
nvidia jetson_agx_xavier_32gb -
nvidia geforce_gtx_750 -
nvidia geforce_gtx_750_ti -
nvidia jetson_tx2i -
nvidia quadro_m4000m -
nvidia tesla_p4 -
nvidia titan_x -
nvidia tesla_m10 -
nvidia tesla_m4 -
nvidia geforce_gtx_760 -
nvidia quadro_p6000 -
nvidia geforce_gtx_1070_ti -
nvidia geforce_gt_630 -
nvidia geforce_gt_640 -
nvidia quadro_p2200 -
nvidia geforce_gt_705 -
nvidia quadro_m2000m -
nvidia quadro_m5500 -
nvidia quadro_m6000 -
nvidia geforce_gtx_1080_ti -
nvidia gtx_titan_z -
nvidia gtx_titan -
nvidia geforce_gtx_1080 -
nvidia titan_xp -
nvidia dgx-2 -
nvidia geforce_gt_605 -
nvidia quadro_m620 -
nvidia quadro_p5200 -
nvidia quadro_m3000m -
nvidia quadro_m520 -
nvidia jetson_agx_xavier_16gb -
nvidia geforce_gtx_970 -
nvidia quadro_p2000 -
nvidia geforce_gtx_780_ti -
nvidia geforce_gtx_650 -
nvidia tesla_p40 -
nvidia shield_tv_pro -
nvidia quadro_m500m -
nvidia quadro_m2200 -
nvidia quadro_p500 -
nvidia geforce_gt_635 -
nvidia dgx-1_v100 -
nvidia geforce_gtx_770 -
nvidia tesla_m6 -
nvidia geforce_gt_610 -
nvidia tesla_m60 -
nvidia geforce_gtx_1050 -
nvidia geforce_gtx_650_ti -
nvidia shield_tv -
nvidia titan_v -
nvidia jetson_agx_xavier_8gb -
nvidia geforce_gt_720 -
nvidia tesla_p6 -
nvidia quadro_gv100 -
nvidia quadro_p400 -
nvidia quadro_p620 -
nvidia quadro_m4000 -
nvidia jetson_xavier_nx -
nvidia quadro_p5000 -
nvidia tesla_v100s -
nvidia geforce_gtx_650_ti_boost -
nvidia geforce_gtx_690 -
nvidia geforce_gtx_960 -
nvidia quadro_p1000 -
nvidia quadro_m600m -
nvidia geforce_gtx_1050_ti -
nvidia geforce_gtx_660 -
nvidia quadro_p600 -
nvidia quadro_m5000 -
nvidia geforce_gtx_1070 -
nvidia geforce_gt_740 -
CVE-2021-23175 MEDIUM

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0
psirt@nvidia.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2021-23201 MEDIUM

NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia quadro_m1000m -
nvidia jetson_tx1 -
nvidia shield_tv -
nvidia quadro_m2000m -
nvidia geforce_gtx_titan_x -
nvidia quadro_m5500 -
nvidia quadro_m6000 -
nvidia quadro_m2000 -
nvidia jetson_nano -
nvidia quadro_m1200 -
nvidia tesla_m2050 -
nvidia tesla_p100 -
nvidia geforce_gtx_950 -
nvidia quadro_m620 -
nvidia quadro_m4000 -
nvidia quadro_m3000m -
nvidia quadro_m520 -
nvidia tesla_m40 -
nvidia quadro_m4000m -
nvidia geforce_gtx_970 -
nvidia quadro_m5000m -
nvidia tesla_m2070q -
nvidia geforce_gtx_960 -
nvidia tesla_m2090 -
nvidia tesla_m10 -
nvidia quadro_m600m -
nvidia tesla_m4 -
nvidia shield_tv_pro -
nvidia quadro_m500m -
nvidia quadro_m2200 -
nvidia geforce_gtx_980 -
nvidia tesla_m2070 -
nvidia tesla_m6 -
nvidia tesla_m60 -
nvidia quadro_m5000 -
CVE-2021-23217 MEDIUM

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia geforce_gt_705 -
nvidia quadro_m1000m -
nvidia jetson_tx1 -
nvidia quadro_m2000m -
nvidia geforce_gtx_645 -
nvidia quadro_m5500 -
nvidia quadro_m6000 -
nvidia geforce_gt_625 -
nvidia gtx_titan_z -
nvidia jetson_nano -
nvidia geforce_gt_710 -
nvidia gtx_titan -
nvidia geforce_gtx_660_ti -
nvidia geforce_gtx_680 -
nvidia geforce_gt_605 -
nvidia geforce_gtx_670 -
nvidia geforce_gtx_950 -
nvidia quadro_m620 -
nvidia quadro_m3000m -
nvidia quadro_m520 -
nvidia tesla_m40 -
nvidia geforce_gtx_970 -
nvidia quadro_m5000m -
nvidia geforce_gt_620 -
nvidia geforce_gtx_780 -
nvidia geforce_gtx_745 -
nvidia geforce_gtx_760_ti -
nvidia geforce_gtx_780_ti -
nvidia gtx_titan_black -
nvidia geforce_gtx_650 -
nvidia shield_tv_pro -
nvidia quadro_m500m -
nvidia quadro_m2200 -
nvidia geforce_gtx_980 -
nvidia geforce_gt_635 -
nvidia geforce_gtx_770 -
nvidia tesla_m6 -
nvidia geforce_gt_610 -
nvidia tesla_m60 -
nvidia geforce_gtx_650_ti -
nvidia shield_tv -
nvidia geforce_gtx_titan_x -
nvidia quadro_m2000 -
nvidia quadro_m1200 -
nvidia geforce_gt_730 -
nvidia tesla_p100 -
nvidia geforce_gt_720 -
nvidia geforce_gtx_750 -
nvidia quadro_m4000 -
nvidia geforce_gtx_750_ti -
nvidia quadro_m4000m -
nvidia geforce_gtx_650_ti_boost -
nvidia geforce_gtx_690 -
nvidia geforce_gtx_960 -
nvidia tesla_m10 -
nvidia quadro_m600m -
nvidia tesla_m4 -
nvidia geforce_gtx_760 -
nvidia geforce_gtx_660 -
nvidia quadro_m5000 -
nvidia geforce_gt_630 -
nvidia geforce_gt_640 -
nvidia geforce_gt_740 -
CVE-2021-23219 LOW

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6
nvd@nist.gov 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia dgx-1_p100 -
nvidia drive_constellation -
nvidia quadro_m1000m -
nvidia jetson_tx1 -
nvidia geforce_gtx_645 -
nvidia geforce_gt_625 -
nvidia jetson_nano -
nvidia geforce_gt_710 -
nvidia quadro_p4200 -
nvidia geforce_gtx_660_ti -
nvidia geforce_gtx_680 -
nvidia geforce_rtx_2060_super -
nvidia quadro_rtx_4000 -
nvidia geforce_gtx_670 -
nvidia geforce_gtx_950 -
nvidia nvidia_t1000 -
nvidia geforce_gtx_1060 -
nvidia tesla_m40 -
nvidia quadro_m5000m -
nvidia geforce_gt_620 -
nvidia quadro_p520 -
nvidia geforce_gtx_780 -
nvidia geforce_gtx_745 -
nvidia geforce_gtx_760_ti -
nvidia quadro_t2000 -
nvidia jetson_tx2_nx -
nvidia gtx_titan_black -
nvidia quadro_p3200 -
nvidia geforce_gtx_980 -
nvidia geforce_gtx_1660_super -
nvidia jetson_tx2_4gb -
nvidia quadro_t600 -
nvidia tesla_v100 -
nvidia jetson_tx2 -
nvidia dgx_station_a100 -
nvidia nvidia_hgx-2 -
nvidia geforce_gtx_titan_x -
nvidia quadro_p4000 -
nvidia quadro_m2000 -
nvidia quadro_t1000 -
nvidia quadro_m1200 -
nvidia geforce_gt_730 -
nvidia tesla_p100 -
nvidia quadro_p3000 -
nvidia jetson_agx_xavier_32gb -
nvidia quadro_rtx_8000 -
nvidia geforce_gtx_750 -
nvidia geforce_gtx_750_ti -
nvidia jetson_tx2i -
nvidia quadro_m4000m -
nvidia nvidia_t4 -
nvidia tesla_p4 -
nvidia titan_x -
nvidia tesla_m10 -
nvidia tesla_m4 -
nvidia geforce_rtx_2080 -
nvidia geforce_gtx_760 -
nvidia nvidia_t600 -
nvidia quadro_p6000 -
nvidia geforce_gtx_1070_ti -
nvidia geforce_rtx_2080_ti -
nvidia geforce_gt_630 -
nvidia geforce_gt_640 -
nvidia quadro_p2200 -
nvidia geforce_gt_705 -
nvidia quadro_m2000m -
nvidia quadro_m5500 -
nvidia quadro_m6000 -
nvidia geforce_gtx_1080_ti -
nvidia gtx_titan_z -
nvidia gtx_titan -
nvidia geforce_gtx_1080 -
nvidia titan_xp -
nvidia dgx-2 -
nvidia geforce_gt_605 -
nvidia quadro_m620 -
nvidia quadro_t400 -
nvidia quadro_p5200 -
nvidia quadro_m3000m -
nvidia quadro_m520 -
nvidia jetson_agx_xavier_16gb -
nvidia geforce_gtx_970 -
nvidia quadro_p2000 -
nvidia geforce_gtx_780_ti -
nvidia geforce_gtx_650 -
nvidia tesla_p40 -
nvidia shield_tv_pro -
nvidia quadro_m500m -
nvidia quadro_m2200 -
nvidia quadro_p500 -
nvidia geforce_gt_635 -
nvidia dgx-1_v100 -
nvidia geforce_gtx_770 -
nvidia geforce_gtx_1660_ti -
nvidia tesla_m6 -
nvidia geforce_gt_610 -
nvidia tesla_m60 -
nvidia titan_rtx -
nvidia geforce_rtx_2070 -
nvidia geforce_gtx_1050 -
nvidia geforce_gtx_650_ti -
nvidia shield_tv -
nvidia quadro_rtx_3000 -
nvidia quadro_rtx_5000 -
nvidia nvidia_t2000 -
nvidia geforce_gtx_1650_super -
nvidia titan_v -
nvidia jetson_agx_xavier_8gb -
nvidia geforce_gt_720 -
nvidia tesla_p6 -
nvidia quadro_gv100 -
nvidia quadro_p400 -
nvidia quadro_p620 -
nvidia quadro_m4000 -
nvidia geforce_rtx_2080_super -
nvidia jetson_xavier_nx -
nvidia quadro_p5000 -
nvidia geforce_gtx_1650 -
nvidia geforce_rtx_2060 -
nvidia tesla_v100s -
nvidia geforce_gtx_650_ti_boost -
nvidia geforce_gtx_690 -
nvidia geforce_rtx_2070_super -
nvidia geforce_gtx_1660 -
nvidia geforce_gtx_960 -
nvidia quadro_p1000 -
nvidia quadro_m600m -
nvidia geforce_gtx_1050_ti -
nvidia geforce_gtx_660 -
nvidia quadro_rtx_6000 -
nvidia quadro_p600 -
nvidia quadro_m5000 -
nvidia geforce_gtx_1070 -
nvidia geforce_gt_740 -
nvidia nvidia_t400 -
CVE-2021-34372 MEDIUM

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34373 LOW

Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H 1.5 5.8
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34374 MEDIUM

Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@nvidia.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34375 MEDIUM

Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.1 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34376 MEDIUM

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.1 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34377 MEDIUM

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation of privileges, information disclosure, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.1 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34378 MEDIUM

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information disclosure, denial of service, or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.1 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34379 MEDIUM

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@nvidia.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34380 MEDIUM

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34381 MEDIUM

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function, which might lead to denial of service, information disclosure, or data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34382 MEDIUM

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overflow, allowing writes to arbitrary addresses within the kernel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34383 MEDIUM

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34384 MEDIUM

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34385 MEDIUM

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@nvidia.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34386 MEDIUM

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size can overflow, which might lead to heap overflows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.3 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34387 HIGH

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.3 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34388 MEDIUM

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34389 LOW

Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check can allow a local user through a malicious client to access memory from the heap in the TrustZone, which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 1.3 3.6
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 1.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34390 LOW

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H 0.8 4.0
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34391 MEDIUM

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H 0.8 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34392 LOW

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34393 LOW

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
psirt@nvidia.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-502,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34394 MEDIUM

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H 0.6 3.6
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34395 MEDIUM

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 0.8 3.4
psirt@nvidia.com 3.9 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L 0.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34396 LOW

Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 0.8 1.4
psirt@nvidia.com 3.0 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L 0.5 2.5

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34397 LOW

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 0.8 1.4
psirt@nvidia.com 1.9 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 0.5 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2021-34398 HIGH

NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-829,

Products Affected

Vendor Product Version
nvidia data_center_gpu_manager *
CVE-2021-34399 LOW

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia dgx-1_p100 -
nvidia drive_constellation -
nvidia quadro_m1000m -
nvidia jetson_tx1 -
nvidia geforce_gtx_645 -
nvidia geforce_gt_625 -
nvidia jetson_nano -
nvidia geforce_gt_710 -
nvidia quadro_p4200 -
nvidia geforce_gtx_660_ti -
nvidia geforce_gtx_680 -
nvidia geforce_rtx_2060_super -
nvidia quadro_rtx_4000 -
nvidia geforce_gtx_670 -
nvidia geforce_gtx_950 -
nvidia nvidia_t1000 -
nvidia geforce_gtx_1060 -
nvidia tesla_m40 -
nvidia quadro_m5000m -
nvidia geforce_gt_620 -
nvidia quadro_p520 -
nvidia geforce_gtx_780 -
nvidia geforce_gtx_745 -
nvidia geforce_gtx_760_ti -
nvidia quadro_t2000 -
nvidia jetson_tx2_nx -
nvidia gtx_titan_black -
nvidia quadro_p3200 -
nvidia geforce_gtx_980 -
nvidia geforce_gtx_1660_super -
nvidia jetson_tx2_4gb -
nvidia quadro_t600 -
nvidia tesla_v100 -
nvidia jetson_tx2 -
nvidia dgx_station_a100 -
nvidia nvidia_hgx-2 -
nvidia geforce_gtx_titan_x -
nvidia quadro_p4000 -
nvidia quadro_m2000 -
nvidia quadro_t1000 -
nvidia quadro_m1200 -
nvidia geforce_gt_730 -
nvidia tesla_p100 -
nvidia quadro_p3000 -
nvidia jetson_agx_xavier_32gb -
nvidia quadro_rtx_8000 -
nvidia geforce_gtx_750 -
nvidia geforce_gtx_750_ti -
nvidia jetson_tx2i -
nvidia quadro_m4000m -
nvidia nvidia_t4 -
nvidia tesla_p4 -
nvidia titan_x -
nvidia tesla_m10 -
nvidia tesla_m4 -
nvidia geforce_rtx_2080 -
nvidia geforce_gtx_760 -
nvidia nvidia_t600 -
nvidia quadro_p6000 -
nvidia geforce_gtx_1070_ti -
nvidia geforce_rtx_2080_ti -
nvidia geforce_gt_630 -
nvidia geforce_gt_640 -
nvidia quadro_p2200 -
nvidia geforce_gt_705 -
nvidia quadro_m2000m -
nvidia quadro_m5500 -
nvidia quadro_m6000 -
nvidia geforce_gtx_1080_ti -
nvidia gtx_titan_z -
nvidia gtx_titan -
nvidia geforce_gtx_1080 -
nvidia titan_xp -
nvidia dgx-2 -
nvidia geforce_gt_605 -
nvidia quadro_m620 -
nvidia quadro_t400 -
nvidia quadro_p5200 -
nvidia quadro_m3000m -
nvidia quadro_m520 -
nvidia jetson_agx_xavier_16gb -
nvidia geforce_gtx_970 -
nvidia quadro_p2000 -
nvidia geforce_gtx_780_ti -
nvidia geforce_gtx_650 -
nvidia tesla_p40 -
nvidia shield_tv_pro -
nvidia quadro_m500m -
nvidia quadro_m2200 -
nvidia quadro_p500 -
nvidia geforce_gt_635 -
nvidia dgx-1_v100 -
nvidia geforce_gtx_770 -
nvidia geforce_gtx_1660_ti -
nvidia tesla_m6 -
nvidia geforce_gt_610 -
nvidia tesla_m60 -
nvidia titan_rtx -
nvidia geforce_rtx_2070 -
nvidia geforce_gtx_1050 -
nvidia geforce_gtx_650_ti -
nvidia shield_tv -
nvidia quadro_rtx_3000 -
nvidia quadro_rtx_5000 -
nvidia nvidia_t2000 -
nvidia geforce_gtx_1650_super -
nvidia titan_v -
nvidia jetson_agx_xavier_8gb -
nvidia geforce_gt_720 -
nvidia tesla_p6 -
nvidia quadro_gv100 -
nvidia quadro_p400 -
nvidia quadro_p620 -
nvidia quadro_m4000 -
nvidia geforce_rtx_2080_super -
nvidia jetson_xavier_nx -
nvidia quadro_p5000 -
nvidia geforce_gtx_1650 -
nvidia geforce_rtx_2060 -
nvidia tesla_v100s -
nvidia geforce_gtx_650_ti_boost -
nvidia geforce_gtx_690 -
nvidia geforce_rtx_2070_super -
nvidia geforce_gtx_1660 -
nvidia geforce_gtx_960 -
nvidia quadro_p1000 -
nvidia quadro_m600m -
nvidia geforce_gtx_1050_ti -
nvidia geforce_gtx_660 -
nvidia quadro_rtx_6000 -
nvidia quadro_p600 -
nvidia quadro_m5000 -
nvidia geforce_gtx_1070 -
nvidia geforce_gt_740 -
nvidia nvidia_t400 -
CVE-2021-34400 LOW

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia dgx-1_p100 -
nvidia drive_constellation -
nvidia quadro_m1000m -
nvidia jetson_tx1 -
nvidia geforce_gtx_645 -
nvidia geforce_gt_625 -
nvidia jetson_nano -
nvidia geforce_gt_710 -
nvidia quadro_p4200 -
nvidia geforce_gtx_660_ti -
nvidia geforce_gtx_680 -
nvidia geforce_rtx_2060_super -
nvidia quadro_rtx_4000 -
nvidia geforce_gtx_670 -
nvidia geforce_gtx_950 -
nvidia nvidia_t1000 -
nvidia geforce_gtx_1060 -
nvidia tesla_m40 -
nvidia quadro_m5000m -
nvidia geforce_gt_620 -
nvidia quadro_p520 -
nvidia geforce_gtx_780 -
nvidia geforce_gtx_745 -
nvidia geforce_gtx_760_ti -
nvidia quadro_t2000 -
nvidia jetson_tx2_nx -
nvidia gtx_titan_black -
nvidia quadro_p3200 -
nvidia geforce_gtx_980 -
nvidia geforce_gtx_1660_super -
nvidia jetson_tx2_4gb -
nvidia quadro_t600 -
nvidia tesla_v100 -
nvidia jetson_tx2 -
nvidia dgx_station_a100 -
nvidia nvidia_hgx-2 -
nvidia geforce_gtx_titan_x -
nvidia quadro_p4000 -
nvidia quadro_m2000 -
nvidia quadro_t1000 -
nvidia quadro_m1200 -
nvidia geforce_gt_730 -
nvidia tesla_p100 -
nvidia quadro_p3000 -
nvidia jetson_agx_xavier_32gb -
nvidia quadro_rtx_8000 -
nvidia geforce_gtx_750 -
nvidia geforce_gtx_750_ti -
nvidia jetson_tx2i -
nvidia quadro_m4000m -
nvidia nvidia_t4 -
nvidia tesla_p4 -
nvidia titan_x -
nvidia tesla_m10 -
nvidia tesla_m4 -
nvidia geforce_rtx_2080 -
nvidia geforce_gtx_760 -
nvidia nvidia_t600 -
nvidia quadro_p6000 -
nvidia geforce_gtx_1070_ti -
nvidia geforce_rtx_2080_ti -
nvidia geforce_gt_630 -
nvidia geforce_gt_640 -
nvidia quadro_p2200 -
nvidia geforce_gt_705 -
nvidia quadro_m2000m -
nvidia quadro_m5500 -
nvidia quadro_m6000 -
nvidia geforce_gtx_1080_ti -
nvidia gtx_titan_z -
nvidia gtx_titan -
nvidia geforce_gtx_1080 -
nvidia titan_xp -
nvidia dgx-2 -
nvidia geforce_gt_605 -
nvidia quadro_m620 -
nvidia quadro_t400 -
nvidia quadro_p5200 -
nvidia quadro_m3000m -
nvidia quadro_m520 -
nvidia jetson_agx_xavier_16gb -
nvidia geforce_gtx_970 -
nvidia quadro_p2000 -
nvidia geforce_gtx_780_ti -
nvidia geforce_gtx_650 -
nvidia tesla_p40 -
nvidia shield_tv_pro -
nvidia quadro_m500m -
nvidia quadro_m2200 -
nvidia quadro_p500 -
nvidia geforce_gt_635 -
nvidia dgx-1_v100 -
nvidia geforce_gtx_770 -
nvidia geforce_gtx_1660_ti -
nvidia tesla_m6 -
nvidia geforce_gt_610 -
nvidia tesla_m60 -
nvidia titan_rtx -
nvidia geforce_rtx_2070 -
nvidia geforce_gtx_1050 -
nvidia geforce_gtx_650_ti -
nvidia shield_tv -
nvidia quadro_rtx_3000 -
nvidia quadro_rtx_5000 -
nvidia nvidia_t2000 -
nvidia geforce_gtx_1650_super -
nvidia titan_v -
nvidia jetson_agx_xavier_8gb -
nvidia geforce_gt_720 -
nvidia tesla_p6 -
nvidia quadro_gv100 -
nvidia quadro_p400 -
nvidia quadro_p620 -
nvidia quadro_m4000 -
nvidia geforce_rtx_2080_super -
nvidia jetson_xavier_nx -
nvidia quadro_p5000 -
nvidia geforce_gtx_1650 -
nvidia geforce_rtx_2060 -
nvidia tesla_v100s -
nvidia geforce_gtx_650_ti_boost -
nvidia geforce_gtx_690 -
nvidia geforce_rtx_2070_super -
nvidia geforce_gtx_1660 -
nvidia geforce_gtx_960 -
nvidia quadro_p1000 -
nvidia quadro_m600m -
nvidia geforce_gtx_1050_ti -
nvidia geforce_gtx_660 -
nvidia quadro_rtx_6000 -
nvidia quadro_p600 -
nvidia quadro_m5000 -
nvidia geforce_gtx_1070 -
nvidia geforce_gt_740 -
nvidia nvidia_t400 -
CVE-2021-34401 MEDIUM

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2021-34402 MEDIUM

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-125,CWE-787,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2021-34403 MEDIUM

NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2021-34404 MEDIUM

Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access to cause denial of service or impact integrity and confidentiality beyond the security scope of BROM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 0.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2021-34405 MEDIUM

NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2021-34406 MEDIUM

NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-362,CWE-476,

Products Affected

Vendor Product Version
nvidia shield_experience *
CVE-2021-39158 MEDIUM

NVCaffe's python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
nvidia nvcaffe *
CVE-2022-21813 LOW

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,CWE-755,

Products Affected

Vendor Product Version
nvidia cloud_gaming_guest -
nvidia gpu_display_driver -
nvidia nvs -
nvidia geforce -
nvidia quadro -
nvidia tesla -
nvidia virtual_gpu -
nvidia rtx -
CVE-2022-21814 LOW

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-280,CWE-755,

Products Affected

Vendor Product Version
nvidia gpu_display_driver -
nvidia nvs -
nvidia geforce -
nvidia quadro -
nvidia tesla -
nvidia rtx -
CVE-2022-21815 MEDIUM

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
nvidia cloud_gaming_guest -
nvidia gpu_display_driver -
nvidia nvs -
nvidia geforce -
nvidia studio -
nvidia quadro -
nvidia tesla -
nvidia virtual_gpu -
nvidia rtx -
CVE-2022-21816 MEDIUM

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-306,

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming_virtual_gpu *
CVE-2022-21817 MEDIUM

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.3 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N 2.8 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia omniverse_launcher *
CVE-2022-21818 MEDIUM

NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to both confidentiality and integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
nvidia license_system *
CVE-2022-21819 MEDIUM

NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0
psirt@nvidia.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2022-21820 MEDIUM

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
psirt@nvidia.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-755,CWE-787,

Products Affected

Vendor Product Version
nvidia data_center_gpu_manager *
CVE-2022-21821 MEDIUM

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1285,CWE-190,

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2022-21822 HIGH

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
nvidia federated_learning_application_runtime_environment *
CVE-2022-22821 LOW

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.0 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N 0.6 1.4
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2022-28181 MEDIUM

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0
psirt@nvidia.com 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver -
CVE-2022-28182 MEDIUM

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver -
CVE-2022-28183 LOW

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 2.5 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver -
CVE-2022-28184 MEDIUM

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver -
CVE-2022-28185 LOW

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.5 4.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
CVE-2022-28186 LOW

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver -
CVE-2022-28187 MEDIUM

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,CWE-772,

Products Affected

Vendor Product Version
nvidia gpu_display_driver -
CVE-2022-28188 MEDIUM

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver -
CVE-2022-28189 LOW

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
nvidia gpu_display_driver -
CVE-2022-28190 LOW

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
nvidia gpu_display_driver -
CVE-2022-28191 MEDIUM

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
CVE-2022-28192 LOW

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
CVE-2022-28193 MEDIUM

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L 0.8 4.7
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L 0.8 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2022-28194 MEDIUM

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L 2.5 4.7
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L 0.8 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2022-28195 MEDIUM

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 1.5 3.7
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 1.5 3.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2022-28196 LOW

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L 1.5 2.7
psirt@nvidia.com 4.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L 1.5 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-787,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2022-28197 MEDIUM

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L 0.8 3.7
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L 0.8 3.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2022-28198 MEDIUM

NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.7 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-706,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
nvidia omniverse_nucleus 2021.3.2
nvidia omniverse_cache 2021.3.0
CVE-2022-28199

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

Products Affected

Vendor Product Version
nvidia data_plane_development_kit *
CVE-2022-28200 MEDIUM

NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
psirt@nvidia.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-31599 MEDIUM

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,CWE-824,

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-31600 MEDIUM

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-31601 MEDIUM

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-31602 MEDIUM

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@nvidia.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-31603 MEDIUM

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@nvidia.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-129,CWE-129,

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-31604 HIGH

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
nvidia nvflare *
CVE-2022-31605 HIGH

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
nvidia nvflare *
CVE-2022-31606

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming_guest *
CVE-2022-31607

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
nvidia cloud_gaming_guest *
CVE-2022-31608

NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2022-31609

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia virtual_gpu 14.1
CVE-2022-31610

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming_guest *
CVE-2022-31611

NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
psirt@nvidia.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H 1.3 5.5

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2022-31612

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information.

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming_guest *
CVE-2022-31613

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic.

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming_guest *
CVE-2022-31614

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia virtual_gpu 14.1
CVE-2022-31615

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2022-31616

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure.

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming_guest *
CVE-2022-31617

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming_guest *
CVE-2022-31618

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia virtual_gpu 14.1
CVE-2022-34665

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu 14.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming_guest *
CVE-2022-34666

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-34667

NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user.

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2022-34668

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia nvflare *
CVE-2022-34669

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-34670

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.

Products Affected

Vendor Product Version
debian debian_linux 10.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-34671

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2022-34672

NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-34673

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2022-34674

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.

Products Affected

Vendor Product Version
debian debian_linux 10.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-34675

NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service.

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-34676

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-34677

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.

Products Affected

Vendor Product Version
debian debian_linux 10.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-34678

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-34679

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-34680

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.

Products Affected

Vendor Product Version
debian debian_linux 10.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-34681

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-34682

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-34683

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-34684

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42254

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42255

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-42256

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-42257

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.

Products Affected

Vendor Product Version
debian debian_linux 10.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42258

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.

Products Affected

Vendor Product Version
debian debian_linux 10.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42259

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.

Products Affected

Vendor Product Version
debian debian_linux 10.0
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42260

NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42261

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42262

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42263

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42264

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2022-42265

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2022-42266

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2022-42267

NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2022-42268

Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service.

Products Affected

Vendor Product Version
nvidia omniverse_machinima *
nvidia omniverse_audio2face *
nvidia omniverse_view *
nvidia omniverse_code *
nvidia omniverse_create *
nvidia nvidia_isaac_sim *
CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components.

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2022-42270

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service.

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2022-42271

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-42272

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-42273

NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-42274

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2022-42275

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service.

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2022-42276

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-42277

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Products Affected

Vendor Product Version
nvidia dgx_station_a100_firmware *
CVE-2022-42278

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2022-42279

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-42280

NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass.

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2022-42281

NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-42282

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2022-42283

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2022-42284

NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure.

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2022-42285

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

Products Affected

Vendor Product Version
nvidia sbios *
CVE-2022-42286

DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges.

Products Affected

Vendor Product Version
nvidia sbios *
CVE-2022-42287

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2022-42288

NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-42289

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-42290

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2022-42291

NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H 1.8 5.8
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2022-42292

NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H 0.8 4.2

Products Affected

Vendor Product Version
nvidia geforce_experience *
CVE-2023-0180

NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0182

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0183

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2023-0185

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H 0.8 5.3
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0186

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0187

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 1.8 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0188

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0189

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0190

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2023-0191

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0192

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:L 0.5 4.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0193

NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 1.8 2.5
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 1.8 2.5

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2023-0194

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 2.0 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 0.5 1.4
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0195

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 2.0 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 0.5 1.4
nvd@nist.gov 2.4 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 0.9 1.4

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0196

NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2023-0197

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0198

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-0199

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2023-0200

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2023-0201

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2023-0202

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-0203

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L 3.1 1.4

Products Affected

Vendor Product Version
nvidia connectx_firmware *
CVE-2023-0204

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0

Products Affected

Vendor Product Version
nvidia connectx_firmware *
CVE-2023-0205

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L 3.1 1.4

Products Affected

Vendor Product Version
nvidia connectx_firmware *
CVE-2023-0206

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-0207

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
nvidia sbios *
CVE-2023-0208

NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 2.0 5.8
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
nvidia data_center_gpu_manager *
CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
nvidia sbios *
CVE-2023-25505

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2023-25506

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
nvidia sbios *
CVE-2023-25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2023-25508

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
nvidia bmc *
CVE-2023-25509

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

Products Affected

Vendor Product Version
nvidia sbios *
CVE-2023-25510

NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2023-25511

NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2023-25512

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2023-25513

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2023-25514

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2023-25515

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 0.5 6.0

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2023-25516

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2023-25517

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
nvidia gpu_display_driver *
CVE-2023-25518

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 0.5 6.0

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2023-25519

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia bluefield_1_firmware *
nvidia bluefield_2_ga_firmware *
nvidia bluefield_2_lts_firmware *
nvidia bluefield_3_ga_firmware *
CVE-2023-25520

NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2023-25521

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
nvidia dgx_a800_firmware *
nvidia dgx_a100_firmware *
CVE-2023-25522

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
nvidia dgx_a800_firmware *
nvidia dgx_a100_firmware *
CVE-2023-25523

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2023-25524

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.5 1.4

Products Affected

Vendor Product Version
nvidia omniverse_launcher *
CVE-2023-25525

NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
nvidia cumulus_linux *
CVE-2023-25526

NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
nvidia cumulus_linux *
CVE-2023-25527

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-25528

NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-25529

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
psirt@nvidia.com 8.0 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 1.6 5.8

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-25530

NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-25531

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 7.6 HIGH CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-25532

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-25533

NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L 1.7 6.0

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-25534

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H 0.9 4.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-31008

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 1.8 5.5
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-31009

NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 2.8 5.5

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-31010

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-31011

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.2 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N 0.9 4.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-31012

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-31013

NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-31014

NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 1.3 3.4
psirt@nvidia.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 0.8 3.4

Products Affected

Vendor Product Version
nvidia geforce_now *
CVE-2023-31015

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L 1.8 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_h100_firmware *
CVE-2023-31016

NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31017

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31018

NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31019

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31020

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31021

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31022

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31023

NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31024

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-31025

NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-31026

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 1.5 4.0

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31027

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
psirt@nvidia.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
nvidia virtual_gpu *
CVE-2023-31029

NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-31030

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-31031

NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@nvidia.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 0.8 3.4

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-31033

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-31034

NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H 0.8 5.3
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-31035

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_a100_firmware *
CVE-2023-31036

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2023-31037

NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
psirt@nvidia.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
nvidia bluefield_bmc 2.8.2-46
nvidia bluefield_bmc 23.09
nvidia bluefield_bmc 23.04
nvidia bluefield_bmc 23.07
CVE-2023-44216

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
microsoft windows_11 -
apple macos 13.1
intel core_i7-10610u -
intel core_i7-12700k -
canonical ubuntu_linux 22.04
google android 13.0
google pixel_6 -
intel core_i7-10510u -
nvidia geforce_rtx_3060 -
microsoft windows_10 -
intel core_i7-8700 -
amd ryzen_7_4800u -
intel core_i7-11800h -
apple m1_mac_mini -
nvidia geforce_rtx_2080_super -
amd ryzen_5_7600x -
CVE-2024-0072

NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-0076

NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-0081

NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

Products Affected

Vendor Product Version
nvidia nemo 1.22.0
CVE-2024-0082

NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
nvidia chatrtx *
CVE-2024-0083

NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

Products Affected

Vendor Product Version
nvidia chatrtx *
CVE-2024-0084

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2024-0085

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2024-0086

NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2024-0087

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H 2.3 6.0

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2024-0088

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 0.7 4.7

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2024-0089

NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2024-0090

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2024-0091

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2024-0092

NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming *
CVE-2024-0093

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia cloud_gaming *
CVE-2024-0095

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H 2.3 6.0

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2024-0096

NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 1.1 5.8

Products Affected

Vendor Product Version
nvidia chatrtx *
CVE-2024-0097

NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 1.1 5.8

Products Affected

Vendor Product Version
nvidia chatrtx *
CVE-2024-0098

NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
nvidia chatrtx *
CVE-2024-0100

NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. A successful exploit of this vulnerability might lead to denial of service and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2024-0101

NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia mlnx-os *
nvidia onyx *
nvidia mlnx-gw *
nvidia nvda-os_xc *
CVE-2024-0103

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. A successful exploit of this vulnerability may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2024-0104

NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.2 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 1.6 2.5

Products Affected

Vendor Product Version
nvidia mlnx-os *
nvidia onyx *
nvidia mlnx-gw *
nvidia nvda-os_xc *
CVE-2024-0107

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia virtual_gpu *
nvidia gpu_display_driver *
nvidia cloud_gaming -
CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
nvidia mlnx-os *
nvidia onyx *
nvidia mlnx-gw *
nvidia nvda-os_xc *
CVE-2024-0115

NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

Products Affected

Vendor Product Version
nvidia cv-cuda 0.2.1
nvidia cv-cuda 0.7.0
nvidia cv-cuda 0.1.0
nvidia cv-cuda 0.4.0
nvidia cv-cuda 0.2.0
nvidia cv-cuda 0.3.1
nvidia cv-cuda 0.6.0
nvidia cv-cuda 0.5.0
nvidia cv-cuda 0.3.0
nvidia cv-cuda 0.8.0
nvidia cv-cuda 0.9.0
CVE-2024-0116

NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2024-0123

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-0124

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-0125

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-0129

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 2.0 3.7

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2024-0132

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

Products Affected

Vendor Product Version
nvidia nvidia_container_toolkit *
nvidia nvidia_gpu_operator *
CVE-2024-0133

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N 2.3 1.4
nvd@nist.gov 3.4 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
nvidia nvidia_container_toolkit *
nvidia nvidia_gpu_operator *
CVE-2024-0134

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N 2.3 1.4

Products Affected

Vendor Product Version
nvidia nvidia_container_toolkit *
nvidia nvidia_gpu_operator *
CVE-2024-0135

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.6 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 1.0 6.0

Products Affected

Vendor Product Version
nvidia nvidia_container_toolkit *
nvidia nvidia_gpu_operator *
CVE-2024-0136

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.6 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 1.0 6.0

Products Affected

Vendor Product Version
nvidia nvidia_container_toolkit *
nvidia nvidia_gpu_operator *
CVE-2024-0137

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 1.3 3.7

Products Affected

Vendor Product Version
nvidia nvidia_container_toolkit *
nvidia nvidia_gpu_operator *
CVE-2024-53870

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53871

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53872

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53873

NVIDIA CUDA toolkit for Windows contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53874

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53875

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53876

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53877

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause a NULL pointer exception by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53878

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 1.3 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53879

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 1.3 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2024-53880

NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23242

NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
nvidia riva *
CVE-2025-23243

NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
nvidia riva *
CVE-2025-23247

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 1.8 2.5

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-23248

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-23249

NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L 2.8 4.7

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L 2.8 4.7

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23251

NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L 2.8 4.7

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23252

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
nvidia nvdebug 1.6.0
CVE-2025-23255

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability may lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-23260

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

Products Affected

Vendor Product Version
nvidia aistore *
nvidia aistore_on_kubernetes *
CVE-2025-23264

NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm *
CVE-2025-23265

NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm *
CVE-2025-23268

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.3 6.0

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23271

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-23273

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 1.0 1.4
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

Products Affected

Vendor Product Version
nvidia nvjpeg -
nvidia cuda_toolkit *
CVE-2025-23275

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2
psirt@nvidia.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 0.8 3.4

Products Affected

Vendor Product Version
nvidia nvjpeg -
nvidia cuda_toolkit *
CVE-2025-23295

NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia apex *
CVE-2025-23303

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23304

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23305

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm *
CVE-2025-23306

NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm *
CVE-2025-23307

NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo_curator *
CVE-2025-23308

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-23310

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23311

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23312

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23313

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23314

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23315

NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23316

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in the model control APIs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23317

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23318

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23319

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23320

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23321

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23322

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23323

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23324

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23325

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23326

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23327

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23328

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23329

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python backend. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23331

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23333

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23334

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
psirt@nvidia.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23335

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.7 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23336

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.7 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-23338

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-23339

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-23340

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-23342

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account . A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia nvdebug *
CVE-2025-23343

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to write files to restricted components. A successful exploit of this vulnerability may lead to information disclosure, denial of service, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.6 HIGH CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 0.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia nvdebug *
CVE-2025-23344

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the platform host as a non-privileged user. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
nvidia nvdebug *
CVE-2025-23346

NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-23348

NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm 0.13.0
nvidia megatron-lm *
CVE-2025-23349

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm 0.13.0
nvidia megatron-lm *
CVE-2025-23353

NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm 0.13.0
nvidia megatron-lm *
CVE-2025-23354

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm 0.13.0
nvidia megatron-lm *
CVE-2025-23355

NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nsight_graphics *
CVE-2025-23359

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

Products Affected

Vendor Product Version
nvidia nvidia_container_toolkit *
nvidia nvidia_gpu_operator *
CVE-2025-23360

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@nvidia.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-23361

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33178

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33179

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
nvidia nvos *
nvidia cumulus_linux *
CVE-2025-33180

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
nvidia nvos *
nvidia cumulus_linux *
CVE-2025-33181

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
nvidia nvos *
nvidia cumulus_linux *
CVE-2025-33187

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
nvidia dgx_os -
nvidia dgx_os *
CVE-2025-33188

NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.0 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 2.5 5.5

Products Affected

Vendor Product Version
nvidia dgx_os -
nvidia dgx_os *
CVE-2025-33189

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_os -
nvidia dgx_os *
CVE-2025-33190

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
nvidia dgx_os -
nvidia dgx_os *
CVE-2025-33191

NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L 2.5 2.7

Products Affected

Vendor Product Version
nvidia dgx_os -
nvidia dgx_os *
CVE-2025-33192

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L 2.5 2.7

Products Affected

Vendor Product Version
nvidia dgx_os -
nvidia dgx_os *
CVE-2025-33193

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L 2.5 2.7

Products Affected

Vendor Product Version
nvidia dgx_os -
nvidia dgx_os *
CVE-2025-33194

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L 2.5 2.7

Products Affected

Vendor Product Version
nvidia dgx_os -
nvidia dgx_os *
CVE-2025-33195

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5

Products Affected

Vendor Product Version
nvidia dgx_os -
CVE-2025-33196

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
nvidia dgx_os -
CVE-2025-33197

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L 2.5 1.4

Products Affected

Vendor Product Version
nvidia dgx_os -
CVE-2025-33198

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
nvidia dgx_os -
CVE-2025-33199

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 3.2 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N 1.5 1.4

Products Affected

Vendor Product Version
nvidia dgx_os -
CVE-2025-33200

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 0.8 1.4

Products Affected

Vendor Product Version
nvidia dgx_os -
CVE-2025-33201

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-33202

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-33204

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33205

NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33206

NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nsight_graphics *
CVE-2025-33208

NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
nvidia tao_toolkit 6.25.7
CVE-2025-33210

NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
nvidia isaac_lab *
CVE-2025-33211

NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-33212

NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33222

NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia isaac_launchable 1.0
CVE-2025-33223

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia isaac_launchable 1.0
CVE-2025-33224

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
nvidia isaac_launchable 1.0
CVE-2025-33225

NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
nvidia nvidia_resiliency_extension 0.5.0
nvidia nvidia_resiliency_extension *
CVE-2025-33226

NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33228

NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-33229

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-33230

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-33231

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
nvidia cuda_toolkit *
CVE-2025-33235

NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nvidia_resiliency_extension 0.5.0
nvidia nvidia_resiliency_extension *
CVE-2025-33236

NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33238

NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2025-33239

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-bridge *
CVE-2025-33240

NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-bridge *
CVE-2025-33241

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33243

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33245

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33246

NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33247

NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm *
CVE-2025-33248

NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm *
CVE-2025-33249

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33251

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33252

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33253

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2025-33254

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2026-24148

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
nvidia jetson_linux *
CVE-2026-24150

NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm *
CVE-2026-24151

NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm *
CVE-2026-24152

NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia megatron-lm *
CVE-2026-24153

NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 5.2 MEDIUM CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 0.7 4.0

Products Affected

Vendor Product Version
nvidia jetson_linux *
nvidia jetson_linux 38.2
CVE-2026-24154

NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
nvidia jetson_linux *
nvidia jetson_linux 38.2
CVE-2026-24157

NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2026-24158

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
nvidia triton_inference_server *
CVE-2026-24159

NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia nemo *
CVE-2026-24164

NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
nvidia bionemo_framework *
CVE-2026-24165

NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
nvidia bionemo_framework *
CVE-2026-24241

NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@nvidia.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
nvidia delegated_license_service *