Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-34380

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-30 Jun, 2021 | 10:24
Updated At-04 Aug, 2024 | 00:12
Rejected At-
Credits

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:30 Jun, 2021 | 10:24
Updated At:04 Aug, 2024 | 00:12
Rejected At:
▼CVE Numbering Authority (CNA)

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
NVIDIA Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, Nano and Nano 2GB
Versions
Affected
  • All Jetson Linux versions prior to r32.5.1
Problem Types
TypeCWE IDDescription
textN/Ainformation disclosure, escalation of privileges, denial of service
Type: text
CWE ID: N/A
Description: information disclosure, escalation of privileges, denial of service
Metrics
VersionBase scoreBase severityVector
3.17.0HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5205
x_refsource_CONFIRM
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5205
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5205
x_refsource_CONFIRM
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5205
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:30 Jun, 2021 | 11:15
Updated At:06 Jul, 2021 | 15:23

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.0HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
NVIDIA Corporation
nvidia
>>jetson_linux>>Versions before 32.5.1(exclusive)
cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_agx_xavier_16gb>>-
cpe:2.3:h:nvidia:jetson_agx_xavier_16gb:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_agx_xavier_32gb>>-
cpe:2.3:h:nvidia:jetson_agx_xavier_32gb:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_agx_xavier_8gb>>-
cpe:2.3:h:nvidia:jetson_agx_xavier_8gb:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx2>>-
cpe:2.3:h:nvidia:jetson_tx2:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx2_4gb>>-
cpe:2.3:h:nvidia:jetson_tx2_4gb:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx2_nx>>-
cpe:2.3:h:nvidia:jetson_tx2_nx:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_tx2i>>-
cpe:2.3:h:nvidia:jetson_tx2i:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_xavier_nx>>-
cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5205psirt@nvidia.com
Vendor Advisory
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5205
Source: psirt@nvidia.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1813Records found
CVE-2022-31601
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.95%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 18:10
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX A100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31606
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.59%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-studiogpu_display_drivervirtual_gpuwindowsteslacloud_gaming_guestgeforceNVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0090
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.69%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)NVIDIA CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxstudiovirtual_gpuhypervisorteslavspherequadrocloud_gaminggeforcertxlinux_kernelgpu_display_driverazure_stack_hcienterprise_linux_kernel-based_virtual_machinenvswindowsGPU display driver, vGPU software, and Cloud Gamingvirtual_gpucloud_gaminggpu_display_driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28193
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.19% / 41.34%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 17:57
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-0951
Matching Score-10
Assigner-Canonical Ltd.
ShareView Details
Matching Score-10
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.60%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 16:56
Updated-06 Aug, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry.

Action-Not Available
Vendor-NVIDIA Corporation
Product-display_drivergraphics drivers
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5981
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.55%
||
7 Day CHG~0.00%
Published-02 Oct, 2020 | 18:15
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA GPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31610
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.65%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-studiogpu_display_drivervirtual_gpuwindowsteslacloud_gaming_guestgeforceNVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-31031
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.03% / 9.55%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-09 Oct, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28200
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.21%
||
7 Day CHG~0.00%
Published-02 Jul, 2022 | 00:20
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX A100
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-33190
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.75%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42255
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.16%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncCitrix (Cloud Software Group, Inc.)Red Hat, Inc.VMware (Broadcom Inc.)
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-42270
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.13%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_agx_xavierjetson_xavier_nx_16gbjetson_agx_xavier_64gbjetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_agx_xavier_industrialjetson_xavier_nxNVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson AGX Orin Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42262
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34384
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.32%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34375
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.7||HIGH
EPSS-0.07% / 21.98%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34383
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 21.98%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34388
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.32%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 21:35
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_tx1jetson_nano_2gbjetson_nanojetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, Nano and Nano 2GB
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34379
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.7||HIGH
EPSS-0.07% / 20.17%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34402
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 18:05
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_experienceSHIELD TV
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5690
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.39%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:39
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverNVIDIA GPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-33189
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.37%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0182
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.86%
||
7 Day CHG~0.00%
Published-01 Apr, 2023 | 04:31
Updated-11 Feb, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpuvGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1106
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.90%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 21:32
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xaviershield_experiencejetson_tx2_nxjetson_tx2jetson_linuxjetson_tx1shield_tvjetson_nano_2gbjetson_nanojetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1Shield TV
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1099
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.18% / 38.96%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 02:55
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpuNVIDIA Virtual GPU Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5991
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.75%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 20:40
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowscuda_toolkitNVIDIA CUDA Toolkit
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-24149
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.02%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 19:55
Updated-04 Feb, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Megatron-LM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-2556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationNVIDIA Corporation
Product-windowsgpu_driver_r352gpu_driver_r340n/a
CVE-2022-34676
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.77%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-197
Numeric Truncation Error
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-0316
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-16 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-geforce_experiencewindowsGeForce Experience
CWE ID-CWE-20
Improper Input Validation
CVE-2022-34669
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpucloud_gamingvGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2022-31609
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 20:30
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpuNVIDIA Virtual GPU Software and NVIDIA Cloud Gaming
CWE ID-CWE-285
Improper Authorization
CVE-2022-31600
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.29%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 18:10
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX A100
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-31608
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.34%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-teslagpu_display_drivergeforcertxGeForce, Workstation, Compute
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2022-31599
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.21%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 18:10
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX A100
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2022-31614
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.10% / 28.65%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 20:30
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpuNVIDIA Virtual GPU Software and NVIDIA Cloud Gaming
CWE ID-CWE-415
Double Free
CVE-2024-0129
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 22.68%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 05:39
Updated-08 Nov, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA CorporationApple Inc.Microsoft Corporation
Product-windowsmacosnemolinux_kernelNeMo
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-0085
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-19 Aug, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Citrix (Cloud Software Group, Inc.)Canonical Ltd.Microsoft Corporation
Product-ubuntu_linuxazure_stack_hcienterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-0127
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.89%
||
7 Day CHG~0.00%
Published-26 Oct, 2024 | 08:10
Updated-01 Nov, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu_manager
CWE ID-CWE-20
Improper Input Validation
CVE-2024-0091
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.65%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)NVIDIA CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxstudiovirtual_gpuhypervisorteslavspherequadrocloud_gaminggeforcertxlinux_kernelgpu_display_driverazure_stack_hcienterprise_linux_kernel-based_virtual_machinenvswindowsGPU display driver, vGPU software, and Cloud Gamingstudioquadro_firmwarenvs_firmwareteslageforcertx
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-0146
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.45%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 04:09
Updated-28 Jan, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA vGPU software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-0107
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.73%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 16:57
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-cloud_gaminggpu_display_driverteslavirtual_gpuwindowsrtxgeforcequadroGPU Display Driver, vGPU Software, Cloud Gaming
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0089
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.37%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-studiogpu_display_drivervirtual_gpunvswindowsteslaquadrocloud_gaminggeforcertxGPU display driver, vGPU software, and Cloud Gamingstudioquadro_firmwarenvs_firmwareteslageforcertx
CWE ID-CWE-665
Improper Initialization
CVE-2024-0084
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 41.71%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Canonical Ltd.Citrix (Cloud Software Group, Inc.)
Product-ubuntu_linuxenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software and Cloud Gamingvirtual_gpu_graphics_driver
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2022-28198
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.07% / 20.81%
||
7 Day CHG~0.00%
Published-29 Apr, 2022 | 20:25
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsomniverse_nucleusomniverse_cacheNVIDIA Omniverse NucleusNVIDIA Omniverse Cache
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CVE-2021-1081
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.36%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).

Action-Not Available
Vendor-nutanixRed Hat, Inc.Citrix (Cloud Software Group, Inc.)VMware (Broadcom Inc.)Microsoft CorporationNVIDIA CorporationLinux Kernel Organization, Inc
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinehypervisorwindowsvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2021-1085
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.79%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and information disclosure but attacker doesn't have control over what information is obtained. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1067
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 27.91%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 22:25
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_experienceSHIELD TV
CVE-2021-1089
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.67%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 04:25
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-1118
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.61%
||
7 Day CHG~0.00%
Published-29 Oct, 2021 | 19:30
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpuNVIDIA Virtual GPU Software
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1076
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 19.71%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.

Action-Not Available
Vendor-Debian GNU/LinuxNVIDIA Corporation
Product-debian_linuxgpu_display_driverNVIDIA GPU Display Driver
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 36
  • 37
  • Next
Details not found