Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-1107

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-11 Aug, 2021 | 21:33
Updated At-03 Aug, 2024 | 15:55
Rejected At-
Credits

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:11 Aug, 2021 | 21:33
Updated At:03 Aug, 2024 | 15:55
Rejected At:
▼CVE Numbering Authority (CNA)

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1
Versions
Affected
  • All Jetson Linux versions prior to r32.6.1
Vendor
NVIDIA CorporationNVIDIA
Product
Shield TV
Versions
Affected
  • All Shield TV versions prior to SE 9.0
Problem Types
TypeCWE IDDescription
textN/Acode execution, denial of service, loss of integrity
Type: text
CWE ID: N/A
Description: code execution, denial of service, loss of integrity
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5216
x_refsource_MISC
https://nvidia.custhelp.com/app/answers/detail/a_id/5259
x_refsource_MISC
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5216
Resource:
x_refsource_MISC
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5259
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5216
x_refsource_MISC
x_transferred
https://nvidia.custhelp.com/app/answers/detail/a_id/5259
x_refsource_MISC
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5216
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5259
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:11 Aug, 2021 | 22:15
Updated At:08 Jul, 2022 | 18:55

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
NVIDIA Corporation
nvidia
>>jetson_linux>>Versions from 32.1(inclusive) to 32.6.1(exclusive)
cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_agx_xavier>>-
cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_nano>>-
cpe:2.3:h:nvidia:jetson_nano:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_nano_2gb>>-
cpe:2.3:h:nvidia:jetson_nano_2gb:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx1>>-
cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx2>>-
cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx2_nx>>-
cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_xavier_nx>>-
cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>shield_experience>>Versions before 9.0(exclusive)
cpe:2.3:a:nvidia:shield_experience:*:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>shield_tv>>-
cpe:2.3:h:nvidia:shield_tv:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5216psirt@nvidia.com
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5259psirt@nvidia.com
Vendor Advisory
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5216
Source: psirt@nvidia.com
Resource:
Vendor Advisory
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5259
Source: psirt@nvidia.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

175Records found
CVE-2023-25522
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.32%
||
7 Day CHG~0.00%
Published-03 Jul, 2023 | 23:27
Updated-25 Nov, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a800_firmwaredgx_a800dgx_a100dgx_a100_firmwareDGX A100/A800dgx_a800dgx_a100
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25527
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.53%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:06
Updated-24 Sep, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-25509
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6||MEDIUM
EPSS-0.03% / 5.15%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:32
Updated-04 Feb, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-sbiosdgx-1NVIDIA DGX servers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-25505
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.38%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:29
Updated-04 Feb, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx-1NVIDIA DGX servers
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-25508
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.50%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:32
Updated-04 Feb, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx-1NVIDIA DGX servers
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-25519
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.95%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 00:49
Updated-26 Sep, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. 

Action-Not Available
Vendor-NVIDIA Corporation
Product-bluefield_2_ltsbluefield_3_ga_firmwarebluefield_2_gabluefield_1bluefield_3_gabluefield_2_lts_firmwarebluefield_2_ga_firmwarebluefield_1_firmwareBlueField 3 GABlueField 1BlueField 2 GABlueField 2 LTSbluefield_2_ltsbluefield_2_gabluefield_1bluefield_3_ga
CWE ID-CWE-286
Incorrect User Management
CVE-2023-25515
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.23%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 17:07
Updated-29 Nov, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-studiogpu_display_drivervirtual_gpunvswindowsteslaquadrocloud_gaminggeforcertxGPU Display Driver for Windows and Linuxgpu_display_driver
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-25521
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-03 Jul, 2023 | 23:27
Updated-27 Nov, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a800_firmwaredgx_a800dgx_a100dgx_a100_firmwareDGX A100/A800dgx_a800dgx_a100
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1106
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.36%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 21:32
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xaviershield_experiencejetson_tx2_nxjetson_tx2jetson_linuxjetson_tx1shield_tvjetson_nano_2gbjetson_nanojetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1Shield TV
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0184
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.48%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:18
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-studiogpu_display_drivernvsteslaquadrogeforcertxNVIDIA GPU Display Driver
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-0206
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:27
Updated-04 Feb, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX servers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-0189
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-01 Apr, 2023 | 04:49
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA Corporation
Product-virtual_gpulinux_kernelvGPU software (guest driver - Linux), NVIDIA Cloud Gaming (guest driver - Linux)
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-0202
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:23
Updated-04 Feb, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX servers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-0192
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 4.64%
||
7 Day CHG~0.00%
Published-01 Apr, 2023 | 04:52
Updated-11 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Red Hat, Inc.NVIDIA CorporationVMware (Broadcom Inc.)
Product-enterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherevGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-0209
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.01% / 0.61%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:28
Updated-04 Feb, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass.

Action-Not Available
Vendor-NVIDIA Corporation
Product-sbiosdgx-1NVIDIA DGX servers
CWE ID-CWE-287
Improper Authentication
CVE-2023-0182
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.79%
||
7 Day CHG~0.00%
Published-01 Apr, 2023 | 04:31
Updated-11 Feb, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpuvGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42255
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.08%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncCitrix (Cloud Software Group, Inc.)Red Hat, Inc.VMware (Broadcom Inc.)
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-42283
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 01:39
Updated-07 Apr, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx_a100NVIDIA DGX servers
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-42292
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5||MEDIUM
EPSS-0.04% / 9.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 02:31
Updated-25 Mar, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experienceGeForce Experience
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-42278
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.2||HIGH
EPSS-0.13% / 32.91%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 01:34
Updated-07 Apr, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100bmcNVIDIA DGX servers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-42274
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100bmcNVIDIA DGX servers
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-42271
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 06:00
Updated-08 Apr, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX Servers
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-42270
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.60%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_agx_xavierjetson_xavier_nx_16gbjetson_agx_xavier_64gbjetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_agx_xavier_industrialjetson_xavier_nxNVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson AGX Orin Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42261
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.52%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-42260
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.49%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (guest driver) - Linux, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2022-42267
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display Driver for Windows
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-42256
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.73%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationRed Hat, Inc.VMware (Broadcom Inc.)Citrix (Cloud Software Group, Inc.)Linux Kernel Organization, Inc
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-42254
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.51%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationRed Hat, Inc.VMware (Broadcom Inc.)Citrix (Cloud Software Group, Inc.)Linux Kernel Organization, Inc
Product-linux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-42264
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.37%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-42286
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6||MEDIUM
EPSS-0.03% / 6.84%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 02:06
Updated-07 Apr, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-sbiosdgx_a100NVIDIA DGX servers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-42262
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.87%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-42287
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6||MEDIUM
EPSS-0.04% / 13.13%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 02:07
Updated-07 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx_a100NVIDIA DGX servers
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-34676
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.42%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-197
Numeric Truncation Error
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-34672
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.33%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpucloud_gamingvGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-284
Improper Access Control
CVE-2016-2556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.70%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationNVIDIA Corporation
Product-windowsgpu_driver_r352gpu_driver_r340n/a
CVE-2023-0198
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.07% / 23.01%
||
7 Day CHG-0.00%
Published-01 Apr, 2023 | 04:56
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, IncVMware (Broadcom Inc.)Citrix (Cloud Software Group, Inc.)NVIDIA Corporation
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherevGPU software (guest driver - Linux), vGPU software (Virtual GPU Manager - Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM), , NVIDIA Cloud Gaming (guest driver - Linux), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-31614
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.14% / 34.98%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 20:30
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpuNVIDIA Virtual GPU Software and NVIDIA Cloud Gaming
CWE ID-CWE-415
Double Free
CVE-2024-0099
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.39%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU software and Cloud Gamingnvsteslaquadrogeforcertx
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-0129
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.49%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 05:39
Updated-08 Nov, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA CorporationApple Inc.Microsoft Corporation
Product-windowsmacosnemolinux_kernelNeMo
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-0127
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG-0.00%
Published-26 Oct, 2024 | 08:10
Updated-01 Nov, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu_manager
CWE ID-CWE-20
Improper Input Validation
CVE-2022-31599
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.34%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 18:10
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX A100
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2022-31617
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-28 Apr, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-studiogpu_display_drivervirtual_gpuwindowsteslacloud_gaming_guestgeforceNVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-31610
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.80%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-studiogpu_display_drivervirtual_gpuwindowsteslacloud_gaming_guestgeforceNVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31609
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.60%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 20:30
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpuNVIDIA Virtual GPU Software and NVIDIA Cloud Gaming
CWE ID-CWE-285
Improper Authorization
CVE-2022-31606
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.44%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-studiogpu_display_drivervirtual_gpuwindowsteslacloud_gaming_guestgeforceNVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31601
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.49%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 18:10
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX A100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31600
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.63%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 18:10
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX A100
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-0091
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.51%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)NVIDIA CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxstudiovirtual_gpuhypervisorteslavspherequadrocloud_gaminggeforcertxlinux_kernelgpu_display_driverazure_stack_hcienterprise_linux_kernel-based_virtual_machinenvswindowsGPU display driver, vGPU software, and Cloud Gamingstudioquadro_firmwarenvs_firmwareteslageforcertx
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-0073
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 21:52
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GPU Display driver, vGPU driver, Cloud Gaming driverstudioteslageforcequadro
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-0146
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.12%
||
7 Day CHG+0.01%
Published-28 Jan, 2025 | 04:09
Updated-28 Jan, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA vGPU software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found