VYPR

Vendor CVEs

Nvidia

All CVEs

1,011 total · sorted by risk
  • CVE-2022-28189May 17, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.

  • CVE-2022-28188May 17, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to…

  • CVE-2022-28187May 17, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service.

  • CVE-2022-28186May 17, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to…

  • CVE-2022-28182May 17, 2022
    risk 0.00cvss epss 0.01

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial…

  • CVE-2022-28181May 17, 2022
    risk 0.00cvss epss 0.01

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service,…

  • CVE-2022-28184May 17, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information…

  • CVE-2022-28183May 17, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.

  • CVE-2022-28185May 17, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.

  • CVE-2022-28198Apr 29, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.

  • CVE-2022-28197Apr 27, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code…

  • CVE-2022-28196Apr 27, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited…

  • CVE-2022-28195Apr 27, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges,…

  • CVE-2022-28194Apr 27, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service,…

  • CVE-2022-28193Apr 27, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of…

  • CVE-2022-21821Mar 29, 2022
    risk 0.00cvss epss 0.02

    NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to…

  • CVE-2022-21820Mar 24, 2022
    risk 0.00cvss epss 0.17

    NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and…

  • CVE-2022-21819Mar 11, 2022
    risk 0.00cvss epss 0.00

    NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could…

  • CVE-2022-21818Feb 14, 2022
    risk 0.00cvss epss 0.00

    NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to…

  • CVE-2022-21816Feb 7, 2022
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service.

  • CVE-2022-21815Feb 7, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.

  • CVE-2022-21814Feb 7, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.

  • CVE-2022-21813Feb 7, 2022
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.

  • CVE-2022-21817Feb 2, 2022
    risk 0.00cvss epss 0.02

    NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may…

  • CVE-2021-34406Jan 18, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.

  • CVE-2021-34405Jan 18, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.

  • CVE-2021-34404Jan 18, 2022
    risk 0.00cvss epss 0.00

    Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access to cause denial of service or impact integrity and confidentiality beyond the security…

  • CVE-2021-34403Jan 18, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service.

  • CVE-2021-34402Jan 18, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss…

  • CVE-2021-34401Jan 18, 2022
    risk 0.00cvss epss 0.00

    NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service.

  • CVE-2021-23175Dec 23, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data…

  • CVE-2021-34399Nov 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure.

  • CVE-2021-23217Nov 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality,…

  • CVE-2021-23201Nov 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure,…

  • CVE-2021-1125Nov 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.

  • CVE-2021-1105Nov 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure.

  • CVE-2021-1088Nov 20, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.

  • CVE-2020-12920Nov 15, 2021
    risk 0.00cvss epss 0.00

    A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.

  • CVE-2021-1123Oct 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.

  • CVE-2021-1122Oct 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.

  • CVE-2021-1121Oct 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service.

  • CVE-2021-1120Oct 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead…

  • CVE-2021-1119Oct 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting…

  • CVE-2021-1118Oct 29, 2021
    risk 0.00cvss epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service

  • CVE-2021-1117Oct 27, 2021
    risk 0.00cvss epss 0.00

    Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.

  • CVE-2021-1116Oct 27, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.

  • CVE-2021-1115Oct 27, 2021
    risk 0.00cvss epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component…

  • CVE-2021-0633Oct 25, 2021
    risk 0.00cvss epss 0.00

    In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423.

  • CVE-2021-25468Oct 6, 2021
    risk 0.00cvss epss 0.00

    A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.

  • CVE-2021-39158Aug 23, 2021
    risk 0.00cvss epss 0.01

    NVCaffe's python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.

Page 16 of 21