Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-31603

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-04 Jul, 2022 | 18:10
Updated At-03 Aug, 2024 | 07:26
Rejected At-
Credits

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:04 Jul, 2022 | 18:10
Updated At:03 Aug, 2024 | 07:26
Rejected At:
▼CVE Numbering Authority (CNA)

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
NVIDIA DGX A100
Versions
Affected
  • Versions prior to 22.5.5
Problem Types
TypeCWE IDDescription
CWECWE-129CWE-129 Improper Validation of Array Index
Type: CWE
CWE ID: CWE-129
Description: CWE-129 Improper Validation of Array Index
Metrics
VersionBase scoreBase severityVector
3.16.4MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5367
x_refsource_MISC
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5367
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5367
x_refsource_MISC
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5367
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:04 Jul, 2022 | 18:15
Updated At:13 Jul, 2022 | 13:20

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.4MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.04.4MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.4
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
NVIDIA Corporation
nvidia
>>dgx_a100_firmware>>Versions before 22.5.5(exclusive)
cpe:2.3:o:nvidia:dgx_a100_firmware:*:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>dgx_a100>>-
cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-129Primarynvd@nist.gov
CWE-129Secondarypsirt@nvidia.com
CWE ID: CWE-129
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-129
Type: Secondary
Source: psirt@nvidia.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5367psirt@nvidia.com
Vendor Advisory
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5367
Source: psirt@nvidia.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

57Records found
CVE-2019-5676
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.32% / 54.25%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 20:21
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experiencegpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2017-6296
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.01% / 1.16%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 16:00
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_tvshield_tv_firmwareSHIELD TV
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-5702
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.19%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 21:05
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experienceGeForce Experience
CVE-2019-5694
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.41%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:42
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverNVIDIA GPU Display Driver
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-5688
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.80%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 17:33
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver (nvflash.sys, nvflsh32.sys, and nvflsh64.sys) contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of other devices not managed by NVIDIA, which may lead to escalation of privileges, information disclosure, or denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-nvflashwindowsgpumodeswitchnvuflashNVIDIA NVFlash, NVUFlash, GPUModeSwitch Tool
CVE-2021-34376
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.7||HIGH
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-34402
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 31.51%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 18:05
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_experienceSHIELD TV
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-34375
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.7||HIGH
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34379
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.7||HIGH
EPSS-0.07% / 20.51%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34386
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 21:35
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size can overflow, which might lead to heap overflows.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx1jetson_linuxNVIDIA Jetson TX1
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-34387
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 5.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 21:35
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx1jetson_linuxNVIDIA Jetson TX1
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-34385
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx1jetson_linuxNVIDIA Jetson TX1
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-34394
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.09% / 26.50%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2012-0953
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5||MEDIUM
EPSS-0.04% / 12.66%
||
7 Day CHG~0.00%
Published-08 May, 2020 | 00:50
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel heap contents leak race in ioctl handler

A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53.

Action-Not Available
Vendor-NVIDIA Corporation
Product-display_drivergraphics drivers
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-42281
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.89%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 01:37
Updated-07 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX servers
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5977
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.01%
||
7 Day CHG~0.00%
Published-23 Oct, 2020 | 17:35
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-geforce_experienceNVIDIA GeForce Experience Software
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-5992
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.93%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 22:25
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_nowNVIDIA GeForce NOW Application
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5958
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.12%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 21:14
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-quadro_firmwarewindowsteslageforce_experiencequadrotesla_firmwareNVIDIA GPU Display Driver
CVE-2023-25508
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.46%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:32
Updated-04 Feb, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx-1NVIDIA DGX servers
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-6257
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.05% / 16.62%
||
7 Day CHG~0.00%
Published-31 Aug, 2018 | 21:00
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.

Action-Not Available
Vendor-NVIDIA Corporation
Product-geforce_experienceNVIDIA GeForce Experience
CVE-2023-0200
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.22%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:21
Updated-04 Feb, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx-2NVIDIA DGX servers
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0201
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.56%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:22
Updated-04 Feb, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx-2NVIDIA DGX servers
CWE ID-CWE-118
Incorrect Access of Indexable Resource ('Range Error')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42283
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 14.76%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 01:39
Updated-07 Apr, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx_a100NVIDIA DGX servers
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-31601
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.48%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 18:10
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX A100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31602
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 13.88%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 18:10
Updated-03 Aug, 2024 | 07:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX A100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28197
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5||MEDIUM
EPSS-0.14% / 35.41%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 17:57
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-11488
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.77%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx-1dgx-2NVIDIA DGX Servers
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-28194
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.19% / 41.62%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 17:57
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-6261
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 12.52%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 17:00
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.

Action-Not Available
Vendor-NVIDIA Corporation
Product-geforce_experienceGeForce Experience
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-34383
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-0952
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5||MEDIUM
EPSS-0.06% / 19.10%
||
7 Day CHG~0.00%
Published-08 May, 2020 | 00:50
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap overflow in control device ioctl

A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53.

Action-Not Available
Vendor-NVIDIA Corporation
Product-display_drivergraphics drivers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34377
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.7||HIGH
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation of privileges, information disclosure, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-34378
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.7||HIGH
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information disclosure, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-34374
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.7||HIGH
EPSS-0.06% / 19.23%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-20
Improper Input Validation
CVE-2021-23175
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.04% / 9.85%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 16:05
Updated-03 Aug, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experienceNVIDIA GeForce Experience Software
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-5698
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.06%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:47
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA VGPU Display Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-5692
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:41
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverNVIDIA GPU Display Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-5666
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.02%
||
7 Day CHG~0.00%
Published-27 Feb, 2019 | 23:00
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverNVIDIA GPU Graphics Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-0345
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-0322
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsWindows GPU Display Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-0347
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_driverwindowsGPU Display Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2020-5959
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 32.05%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 20:00
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA GPU Display Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2016-8815
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-16 Dec, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsgpu_driverQuadro, NVS, GeForce, GRID and Tesla
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-42254
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.49%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationRed Hat, Inc.VMware (Broadcom Inc.)Citrix (Cloud Software Group, Inc.)Linux Kernel Organization, Inc
Product-linux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2022-42255
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.05%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncCitrix (Cloud Software Group, Inc.)Red Hat, Inc.VMware (Broadcom Inc.)
Product-linux_kernelenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2025-23278
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.02% / 2.80%
||
7 Day CHG~0.00%
Published-02 Aug, 2025 | 22:05
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering  or denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GPU Display Drivers
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-1117
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 12.80%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 20:35
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2016-8816
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-16 Dec, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsgpu_driverQuadro, NVS, GeForce, GRID and Tesla
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-5210
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.17%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 19:29
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-nova_5i_pronova_5i_pro_firmwarenova_5_firmwarenova_5Nova 5i pro, Nova 5
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-30325
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.69%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 10:40
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresa6155qcn5064csra6620_firmwareqcs605_firmwarecsra6640_firmwarewcn3998wcn3950qcn6024_firmwareipq8076amdm9206_firmwarewcn3660bsd460_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwareqca6438_firmwareqca9986ipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq8072_firmwareipq4029_firmwareqrb5165m_firmwaresa8155_firmwareipq6010sd662_firmwareipq8068qcs405wcd9340qcn6132sd765gqualcomm215_firmwareqca6436wcn6851sa6155pqcs603_firmwareqca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca6696_firmwaresd870_firmwareqca9988_firmwareqcn5154_firmwaresa8150pqca9992_firmwaresd865_5g_firmwarewcn3988qca6438sa8195p_firmwareqcn5121qcn5022_firmwareqca9898ipq4028wcn3610qca6428_firmwareipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwaresda429w_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwarewcd9330ipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173qcn5164qca9558qca6574csr8811_firmwarewcd9380qualcomm215qcn5054_firmwareqcs410qcn5024ipq4019_firmwareqca8072_firmwareqca9985qcn9012_firmwarewcd9335_firmwareqcn5052_firmwarewcn3980ipq6018_firmwareqcs605wcd9340_firmwarewsa8815wcn6850pmp8074_firmwareqca9986_firmwareqca6426_firmwarewcn3660b_firmwareqca9984ipq6028ipq8064qcn9024pmp8074wcn3980_firmwareqcn5550_firmwarewcd9330_firmwaresdx55mipq8064_firmwareqcn5064_firmwarear8031_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareqcs603ipq8070qcn5502qca9994qca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwareqca9880sd870qcn5121_firmwaresd210_firmwareqcs610_firmwaresa6145pipq6018qca9886_firmwarear8031apq8096auqcs405_firmwaresa8145pqca6391_firmwareqca4024wcd9370_firmwaresdx55qcn5021_firmwaresa8155pcsra6640qca9531_firmwarear8035_firmwareqcn5024_firmwarewcn3991_firmwaremdm9150_firmwareqcn9070sa8145p_firmwareqca9563_firmwarecsra6620qcn9072qca9880_firmwareqca9992sd765g_firmwareqca6390_firmwareipq6000wcd9370ipq8072qcn5152_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018wcd9385_firmwaresdxr2_5g_firmwareqca9563ipq8074asd662qcn5124_firmwaresa8155qcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwarewcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nipq5010qca6564au_firmwaresa6155p_firmwaresm6225ipq8174qca9990sdxr2_5gqcn5052qca9367wcn3988_firmwareqcn9074sd205sa6145p_firmwaresa8195pwsa8810_firmwaresd765_firmwarewcd9335qca8081qcn6023ipq8071aipq8071a_firmwarewcd9385qca6390qca9898_firmwarewcd9375ar8035csr8811ipq4019qcn9100_firmwaresda429wsd210wcn3620_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewcn6850_firmwarewcn3620qca6564aqca9988qca8072wcn3990qcn9000sd865_5gar9380_firmwareqcn9012qca9558_firmwareqcn6122_firmwareipq8065_firmwaresd665_firmwareqcn5154qca8075_firmwareipq4018qca6574aipq6005_firmwaremdm9206qca9889qcn6132_firmwareqca9888ipq8074qca9994_firmwareipq8070a_firmwareipq8076_firmwareqca6574_firmwareqca9886qcn5502_firmwaresd665ipq8076sd765qca6574a_firmwareqcn5021qcn5152sd768g_firmwareqrb5165msd460qca6391ipq6005qcn9100qcn9070_firmwareipq6028_firmwareipq8072a_firmwaresm6225_firmwareqca9531ipq8074_firmwareqca6574auqca9889_firmwaresa8155p_firmwareqcn5122sd205_firmwarewcd9341_firmwarewsa8810mdm9150qcn5022qca6564_firmwaresd768gipq6010_firmwareqca6696sa6150pqca8075qcn9022_firmwareapq8096au_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn9072_firmwaresm7250pipq6000_firmwareipq8071_firmwareqcn9074_firmwareqcs410_firmwareipq4029Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-129
Improper Validation of Array Index
  • Previous
  • 1
  • 2
  • Next
Details not found