Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-28193

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-27 Apr, 2022 | 17:57
Updated At-03 Aug, 2024 | 05:48
Rejected At-
Credits

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:27 Apr, 2022 | 17:57
Updated At:03 Aug, 2024 | 05:48
Rejected At:
▼CVE Numbering Authority (CNA)

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
Jetson AGX Xavier series, Jetson Xavier NX
Versions
Affected
  • All 32.x versions prior to 32.7.2
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.15.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Version: 3.1
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5343
x_refsource_MISC
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5343
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5343
x_refsource_MISC
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5343
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:27 Apr, 2022 | 18:15
Updated At:28 Jun, 2023 | 13:51

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Secondary3.15.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Type: Secondary
Version: 3.1
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
NVIDIA Corporation
nvidia
>>jetson_linux>>Versions before 32.7.2(exclusive)
cpe:2.3:o:nvidia:jetson_linux:*:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_agx_xavier>>-
cpe:2.3:h:nvidia:jetson_agx_xavier:-:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>jetson_xavier_nx>>-
cpe:2.3:h:nvidia:jetson_xavier_nx:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-20Secondarypsirt@nvidia.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: psirt@nvidia.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5343psirt@nvidia.com
Vendor Advisory
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5343
Source: psirt@nvidia.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

809Records found
CVE-2021-1053
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.88%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 00:00
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsgpu_driverlinux_kernelNVIDIA GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2024-0126
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.73%
||
7 Day CHG~0.00%
Published-26 Oct, 2024 | 08:01
Updated-01 Nov, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GPU, vGPU, and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu_managergpu_display_driver
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28199
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 69.38%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 16:20
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-data_plane_development_kitwindowslinux_kernelNVIDIA FLARE
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28185
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.41%
||
7 Day CHG+0.03%
Published-17 May, 2022 | 00:00
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsvirtual_gpulinux_kernelNVIDIA GPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28181
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-8.5||HIGH
EPSS-0.89% / 74.65%
||
7 Day CHG+0.28%
Published-17 May, 2022 | 00:00
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsvirtual_gpulinux_kernelgpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28188
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.65%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:15
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpugpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28186
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:15
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpugpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2024-0127
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-26 Oct, 2024 | 08:10
Updated-01 Nov, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu_manager
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28196
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.24% / 47.35%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 17:57
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_tx2_nxjetson_tx2jetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 NX, Jetson TX2 series
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28182
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-8.5||HIGH
EPSS-1.03% / 76.47%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:15
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpugpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5970
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 22:25
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA vGPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-5986
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-02 Oct, 2020 | 21:10
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA vGPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-5983
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.64%
||
7 Day CHG~0.00%
Published-02 Oct, 2020 | 21:10
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA vGPU Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28190
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 32.06%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:15
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2020-5985
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-02 Oct, 2020 | 21:10
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA vGPU Software
CWE ID-CWE-20
Improper Input Validation
CVE-2022-21820
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.52% / 65.64%
||
7 Day CHG~0.00%
Published-24 Mar, 2022 | 17:05
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-data_center_gpu_managerlinux_kernelNVIDIA Data Center GPU Manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2017-6268
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.14%
||
7 Day CHG~0.00%
Published-22 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6269
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-22 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6277
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-22 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6272
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-22 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14491
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-52.38% / 97.84%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Action-Not Available
Vendor-thekelleysn/aHuawei Technologies Co., Ltd.Debian GNU/LinuxSUSERed Hat, Inc.Aruba NetworksSynology, Inc.NVIDIA CorporationArista Networks, Inc.Canonical Ltd.openSUSEMicrosoft CorporationSiemens AG
Product-enterprise_linux_desktopruggedcom_rm1224_firmwarescalance_w1750d_firmwarescalance_s615enterprise_linux_workstationlinux_for_tegradnsmasqlinux_enterprise_serverleaprouter_managerlinux_enterprise_point_of_salearubaosenterprise_linux_serverdebian_linuxjetson_tk1scalance_s615_firmwaregeforce_experiencelinux_enterprise_debuginfoeosscalance_m-800diskstation_managerhonor_v9_play_firmwarejetson_tx1scalance_w1750druggedcom_rm1224ubuntu_linuxhonor_v9_playscalance_m-800_firmwarewindowsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6255
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-28 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsNVIDIA Windows GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0952
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-5||MEDIUM
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-08 May, 2020 | 00:50
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap overflow in control device ioctl

A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53.

Action-Not Available
Vendor-NVIDIA Corporation
Product-display_drivergraphics drivers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-4784
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.06%
||
7 Day CHG~0.00%
Published-27 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application.

Action-Not Available
Vendor-n/aNVIDIA Corporation
Product-stereoscopic_3d_drivern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000251
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-2.92% / 85.86%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.NVIDIA Corporation
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationjetson_tx1linux_kernelenterprise_linux_server_eusdebian_linuxenterprise_linux_serverjetson_tk1enterprise_linux_server_ausn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-31012
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 41.14%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 01:05
Updated-24 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31030
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-03 Jun, 2025 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-31013
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 41.14%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 01:06
Updated-24 Sep, 2024 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31011
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.18% / 40.08%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 01:03
Updated-24 Sep, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31008
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.08% / 23.43%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:55
Updated-24 Sep, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31028
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-2.8||LOW
EPSS-0.02% / 4.83%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 17:46
Updated-02 Aug, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nvJPEG2000 Library
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31024
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-9||CRITICAL
EPSS-0.35% / 56.78%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-03 Jun, 2025 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-31031
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-31009
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-8.3||HIGH
EPSS-0.33% / 54.87%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:56
Updated-24 Sep, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31029
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-25 Oct, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100dgx_a100
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-31010
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 35.20%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 01:02
Updated-24 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31035
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.10%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-30 Aug, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100dgx_a100_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25533
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-8.3||HIGH
EPSS-0.14% / 34.80%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:54
Updated-24 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25522
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.33%
||
7 Day CHG~0.00%
Published-03 Jul, 2023 | 23:27
Updated-25 Nov, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a800_firmwaredgx_a800dgx_a100dgx_a100_firmwareDGX A100/A800dgx_a800dgx_a100
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25528
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-8.8||HIGH
EPSS-0.49% / 64.64%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:07
Updated-24 Sep, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25530
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-8||HIGH
EPSS-0.32% / 54.04%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:09
Updated-24 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25520
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.00%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 17:23
Updated-07 Nov, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_tx2_nxjetson_tx2jetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25506
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.28%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:30
Updated-04 Feb, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-sbiosdgx-1NVIDIA DGX servers
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25534
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.22% / 44.53%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:55
Updated-24 Sep, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMC
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0354
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 13.28%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0312
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.43%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsWindows GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0350
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_driverGPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0318
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.28%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.

Action-Not Available
Vendor-Oracle CorporationNVIDIA CorporationFreeBSD FoundationMicrosoft Corporation
Product-freebsdgpu_driversolariswindowsLinux GPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0346
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0355
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.28%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 16
  • 17
  • Next
Details not found