Filtered by vendor Nvidia
Subscribe
Total
467 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28185 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2022-10-11 | 3.6 LOW | 7.1 HIGH |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. | |||||
CVE-2021-1118 | 1 Nvidia | 1 Virtual Gpu | 2022-09-20 | 4.6 MEDIUM | 7.8 HIGH |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service | |||||
CVE-2022-28199 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Data Plane Development Kit | 2022-09-07 | N/A | 6.5 MEDIUM |
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. | |||||
CVE-2022-21815 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming Guest, Geforce and 7 more | 2022-09-02 | 4.9 MEDIUM | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. | |||||
CVE-2022-21816 | 1 Nvidia | 2 Cloud Gaming Virtual Gpu, Virtual Gpu | 2022-09-02 | 4.9 MEDIUM | 5.5 MEDIUM |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service. | |||||
CVE-2022-21814 | 2 Linux, Nvidia | 7 Linux Kernel, Geforce, Gpu Display Driver and 4 more | 2022-09-02 | 3.6 LOW | 6.1 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | |||||
CVE-2022-34668 | 1 Nvidia | 1 Nvflare | 2022-09-01 | N/A | 9.8 CRITICAL |
NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | |||||
CVE-2022-31618 | 1 Nvidia | 1 Virtual Gpu | 2022-08-11 | N/A | 5.5 MEDIUM |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. | |||||
CVE-2022-31614 | 1 Nvidia | 1 Virtual Gpu | 2022-08-10 | N/A | 7.8 HIGH |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure. | |||||
CVE-2022-31609 | 1 Nvidia | 1 Virtual Gpu | 2022-08-10 | N/A | 7.8 HIGH |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure. | |||||
CVE-2021-1074 | 1 Nvidia | 1 Gpu Display Driver | 2022-07-21 | 6.9 MEDIUM | 7.3 HIGH |
NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure. | |||||
CVE-2021-1113 | 1 Nvidia | 8 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 5 more | 2022-07-15 | 5.4 MEDIUM | 4.7 MEDIUM |
NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients. | |||||
CVE-2022-28196 | 1 Nvidia | 5 Jetson Agx Xavier, Jetson Linux, Jetson Tx2 and 2 more | 2022-07-14 | 3.6 LOW | 4.6 MEDIUM |
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components. | |||||
CVE-2022-31605 | 1 Nvidia | 1 Nvflare | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | |||||
CVE-2022-31604 | 1 Nvidia | 1 Nvflare | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | |||||
CVE-2022-31599 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.6 MEDIUM | 8.2 HIGH |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
CVE-2022-31600 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.6 MEDIUM | 8.2 HIGH |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components. | |||||
CVE-2022-31601 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | |||||
CVE-2022-31602 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.4 MEDIUM | 6.7 MEDIUM |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. | |||||
CVE-2022-31603 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.4 MEDIUM | 6.7 MEDIUM |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure. |