Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-1100

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-21 Jul, 2021 | 02:55
Updated At-03 Aug, 2024 | 15:55
Rejected At-
Credits

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:21 Jul, 2021 | 02:55
Updated At:03 Aug, 2024 | 15:55
Rejected At:
▼CVE Numbering Authority (CNA)

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
NVIDIA Virtual GPU Software
Versions
Affected
  • vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
Problem Types
TypeCWE IDDescription
textN/Adenial of service
Type: text
CWE ID: N/A
Description: denial of service
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5211
x_refsource_CONFIRM
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5211
x_refsource_CONFIRM
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:21 Jul, 2021 | 03:15
Updated At:14 Sep, 2021 | 18:18

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
NVIDIA Corporation
nvidia
>>virtual_gpu>>Versions from 8.0(inclusive) to 8.8(exclusive)
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>virtual_gpu>>Versions from 11.0(inclusive) to 11.5(exclusive)
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>virtual_gpu>>Versions from 12.0(inclusive) to 12.3(exclusive)
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5211psirt@nvidia.com
Patch
Vendor Advisory
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
Source: psirt@nvidia.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

79Records found
CVE-2022-28189
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.44%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:15
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-21815
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.06%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 20:00
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-studiogpu_display_drivervirtual_gpunvswindowsteslaquadrocloud_gaming_guestgeforcertxNVIDIA GPU Display Driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-33177
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.10%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 19:22
Updated-16 Oct, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Jetson Thor SeriesJetson Orin SeriesIGX Orin
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-33197
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.08%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 18:00
Updated-02 Dec, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-33192
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 4.08%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CVE-2025-33237
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.93%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:49
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX, Quadro, NVSGeForce
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-33191
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.03% / 6.93%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-20
Improper Input Validation
CVE-2025-23330
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.93%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 18:25
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA RTX, Quadro, NVSTeslaGeForceGuest driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-23285
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-02 Aug, 2025 | 22:17
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GPU Display Drivers
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-23245
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.29%
||
7 Day CHG+0.04%
Published-01 May, 2025 | 13:53
Updated-02 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU Software, Cloud Gaming
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-34391
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.78%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx1jetson_linuxNVIDIA Jetson TX1
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-34392
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx1jetson_linuxNVIDIA Jetson TX1
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-34683
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.63%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpucloud_gamingvGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34405
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.06%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 18:05
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-shield_experienceandroidSHIELD TV
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-34390
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx1jetson_linuxNVIDIA Jetson TX1
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-5698
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.03%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:47
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA VGPU Display Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2023-31023
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.36%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-05 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-31026
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6||MEDIUM
EPSS-0.02% / 4.66%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-05 Sep, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.

Action-Not Available
Vendor-linux-kvmVMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Canonical Ltd.Citrix (Cloud Software Group, Inc.)
Product-ubuntu_linuxkernel_virtual_machinevirtual_gpuenterprise_linuxhypervisorvspherevGPU driver and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-31021
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.47%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-05 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-linux-kvmVMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Citrix (Cloud Software Group, Inc.)Canonical Ltd.Microsoft Corporation
Product-ubuntu_linuxkernel_virtual_machineazure_stack_hcivirtual_gpuenterprise_linuxhypervisorvspherevGPU driver and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-31022
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.47%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-27 Feb, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

Action-Not Available
Vendor-linux-kvmCitrix (Cloud Software Group, Inc.)NVIDIA CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)Microsoft CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxkernel_virtual_machineazure_stack_hcilinux_kernelvirtual_gpuenterprise_linuxhypervisorwindowsvsphereNVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-23246
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.19%
||
7 Day CHG+0.05%
Published-01 May, 2025 | 14:12
Updated-02 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU Software, Cloud Gaming
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-31018
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.42%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-27 Feb, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.

Action-Not Available
Vendor-linux-kvmCitrix (Cloud Software Group, Inc.)NVIDIA CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)Microsoft CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxkernel_virtual_machineazure_stack_hcilinux_kernelvirtual_gpuenterprise_linuxhypervisorwindowsvspherevGPU driver and Cloud gaming driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-23300
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.93%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 18:24
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TeslaNVIDIA RTX, Quadro, NVSVirtual GPU ManagerGeForceGuest driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25520
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 5.59%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 17:23
Updated-07 Nov, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_tx2_nxjetson_tx2jetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-20
Improper Input Validation
CVE-2022-21816
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.74%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 20:00
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-cloud_gaming_virtual_gpuvirtual_gpuNVIDIA Virtual GPU Software and NVIDIA Cloud Gaming
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-34397
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-1.9||LOW
EPSS-0.06% / 18.46%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-53881
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.93%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 04:11
Updated-28 Jan, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the host driver, where it can allow a guest to cause an interrupt storm on the host, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA vGPU software
CWE ID-CWE-459
Incomplete Cleanup
CVE-2019-5693
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:41
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverNVIDIA GPU Display Driver
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2019-5696
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:43
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA VGPU Display Driver
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
  • Previous
  • 1
  • 2
  • Next
Details not found