Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-42285

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-13 Jan, 2023 | 01:48
Updated At-07 Apr, 2025 | 18:03
Rejected At-
Credits

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:13 Jan, 2023 | 01:48
Updated At:07 Apr, 2025 | 18:03
Rejected At:
▼CVE Numbering Authority (CNA)

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
NVIDIA DGX servers
Default Status
unaffected
Versions
Affected
  • All SBIOS firmware versions prior to 1.18
Problem Types
TypeCWE IDDescription
CWECWE-1231CWE-1231
Type: CWE
CWE ID: CWE-1231
Description: CWE-1231
Metrics
VersionBase scoreBase severityVector
3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ADenial of Service, Escalation of Privileges, Data Tampering
CAPEC ID: N/A
Description: Denial of Service, Escalation of Privileges, Data Tampering
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5435
N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5435
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5435
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5435
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:13 Jan, 2023 | 02:15
Updated At:24 Jan, 2023 | 16:03

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CPE Matches
NVIDIA Corporation
nvidia
>>sbios>>Versions before 1.18(exclusive)
cpe:2.3:o:nvidia:sbios:*:*:*:*:*:*:*:*
NVIDIA Corporation
nvidia
>>dgx_a100>>-
cpe:2.3:h:nvidia:dgx_a100:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-1231Secondarypsirt@nvidia.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-1231
Type: Secondary
Source: psirt@nvidia.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvidia.custhelp.com/app/answers/detail/a_id/5435psirt@nvidia.com
Vendor Advisory
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5435
Source: psirt@nvidia.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

173Records found
CVE-2026-24149
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.00%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 19:55
Updated-04 Feb, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Megatron-LM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-0127
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.78%
||
7 Day CHG~0.00%
Published-26 Oct, 2024 | 08:10
Updated-01 Nov, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-vGPU and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu_manager
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1099
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.18% / 38.88%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 02:55
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpuNVIDIA Virtual GPU Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5700
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.04%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 21:05
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-n/aGoogle LLCNVIDIA Corporation
Product-shield_experienceandroidNVIDIA SHIELD TV
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5702
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.61%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 21:05
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experienceGeForce Experience
CVE-2019-5689
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.38%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:37
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-geforce_experienceNVIDIA GeForce Experience
CVE-2020-5964
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.16%
||
7 Day CHG+0.05%
Published-25 Jun, 2020 | 00:00
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-geforce_firmwarequadro_firmwarenvs_firmwarewindowsnvsteslageforce_experiencequadrogeforcetesla_firmwareNVIDIA GPU Display Driver
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-5963
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.43%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 00:00
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationCanonical Ltd.
Product-ubuntu_linuxgeforce_firmwarequadro_firmwarenvs_firmwarenvsteslaquadrogeforcetesla_firmwareNVIDIA GPU Display Driver
CVE-2021-34384
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.20%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34398
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.16%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 15:42
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-data_center_gpu_managerNVIDIA Data Center GPU Manager (DCGM)
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2021-34381
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.64%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function, which might lead to denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx1jetson_linuxNVIDIA Jetson TX1
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-34380
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.08% / 23.20%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 10:24
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, Nano and Nano 2GB
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34372
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.07% / 22.40%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_tx1jetson_nano_2gbjetson_nanojetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-34388
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.20%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 21:35
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_tx1jetson_nano_2gbjetson_nanojetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, Nano and Nano 2GB
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5691
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:40
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverNVIDIA GPU Display Driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-5690
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.32%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:39
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverNVIDIA GPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34403
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.18%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 18:05
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-shield_experienceandroidSHIELD TV
CWE ID-CWE-416
Use After Free
CVE-2025-33249
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-18 Feb, 2026 | 13:56
Updated-18 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-2556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.61%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationNVIDIA Corporation
Product-windowsgpu_driver_r352gpu_driver_r340n/a
CVE-2023-31015
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.05% / 15.14%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 01:12
Updated-24 Sep, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMC
CWE ID-CWE-287
Improper Authentication
CVE-2023-31008
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.08% / 22.60%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:55
Updated-24 Sep, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-31019
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.15%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-12 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-284
Improper Access Control
CVE-2023-31017
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.37%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-12 Sep, 2024 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-31035
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 9.44%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-30 Aug, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100dgx_a100_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2025-33183
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 16:57
Updated-19 Nov, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA Isaac-GR00T N1.5
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-33218
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:47
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX PRO, RTX, QuadroGeForceGuest driverTesla
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-33234
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.64%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 17:58
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA runx
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-33235
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.17%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 17:38
Updated-02 Feb, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA Corporation
Product-nvidia_resiliency_extensionlinux_kernelResiliency Extension
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-33190
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.74%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-33219
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:48
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GeForceVirtual GPU ManagerTeslaRTX PRO, RTX, QuadroGuest driver
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-33217
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:46
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX PRO, RTX, QuadroGeForceTesla
CWE ID-CWE-416
Use After Free
CVE-2025-33220
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:48
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX PRO, RTX, QuadroGeForceVirtual GPU ManagerTesla
CWE ID-CWE-416
Use After Free
CVE-2025-33187
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.01% / 2.50%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:57
Updated-02 Dec, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-33233
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.88%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 17:43
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Merlin Transformers4Rec
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-33184
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 16:57
Updated-19 Nov, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA Isaac-GR00T N1.5
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-33178
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:18
Updated-11 Dec, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nemoNeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-33189
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.37%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-33195
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.23%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:59
Updated-02 Dec, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-25509
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6||MEDIUM
EPSS-0.03% / 8.47%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:32
Updated-04 Feb, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-sbiosdgx-1NVIDIA DGX servers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-25527
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.24%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:06
Updated-24 Sep, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-25508
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 9.97%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 02:32
Updated-04 Feb, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx-1NVIDIA DGX servers
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-25519
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.67%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 00:49
Updated-26 Sep, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. 

Action-Not Available
Vendor-NVIDIA Corporation
Product-bluefield_2_ltsbluefield_3_ga_firmwarebluefield_2_gabluefield_1bluefield_3_gabluefield_2_lts_firmwarebluefield_2_ga_firmwarebluefield_1_firmwareBlueField 3 GABlueField 1BlueField 2 GABlueField 2 LTSbluefield_2_ltsbluefield_2_gabluefield_1bluefield_3_ga
CWE ID-CWE-286
Incorrect User Management
CVE-2023-25505
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.75%
||
7 Day CHG+0.02%
Published-22 Apr, 2023 | 02:29
Updated-04 Feb, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx-1NVIDIA DGX servers
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-25522
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.60%
||
7 Day CHG~0.00%
Published-03 Jul, 2023 | 23:27
Updated-25 Nov, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a800_firmwaredgx_a800dgx_a100dgx_a100_firmwareDGX A100/A800dgx_a800dgx_a100
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25515
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.91%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 17:07
Updated-29 Nov, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-studiogpu_display_drivervirtual_gpunvswindowsteslaquadrocloud_gaminggeforcertxGPU Display Driver for Windows and Linuxgpu_display_driver
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-23296
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.72%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:25
Updated-14 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA Isaac-GR00T N1
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23354
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 13:14
Updated-10 Oct, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-megatron-lmMegatron-LM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23306
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.24%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:35
Updated-19 Sep, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-megatron-lmMegatron-LM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23284
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.06%
||
7 Day CHG~0.00%
Published-02 Aug, 2025 | 22:16
Updated-05 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GPU Display Drivers
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-23303
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-1.65% / 81.67%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:15
Updated-23 Sep, 2025 | 23:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncNVIDIA CorporationMicrosoft Corporation
Product-nemolinux_kernelmacoswindowsNVIDIA NeMo Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found