NVIDIA Product Security - Filtered CVEs
Search CVEs across years, bulletins, counts, descriptions, and CWE
Years: 5
Bulletins: 43
CVEs: 134
Search by year, bulletin count, CVE count, CVE description, or CWE.
Matching CVEs: 134
No matching CVEs found.
| Date | Scope | CVE / Details |
|---|---|---|
| 2026-01-28 | CWE-476 NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service. Security Bulletin: GPU Display Driver - January 2026 NVIDIA has released security updates to address vulnerabilities in various products. | |
| 2026-01-28 | CWE-416 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. Security Bulletin: GPU Display Driver - January 2026 NVIDIA has released security updates to address vulnerabilities in various products. | |
| 2025-12-16 | CWE-362 NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges. Security Bulletin: NVIDIA Resiliency Extension - December 2025 NVIDIA has released a software update for NVIDIA® Resiliency Extension. <br><div>To protect your system, clone or update this software to version 0.5.0 or later from <a href="https://github.com/NVIDIA/nvidia-resiliency-ext">NVIDIA Resiliency Extension on GitHub</a>.<br><br></div> | |
| 2025-11-25 | CWE-476 NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA DGX Spark - November 2025 NVIDIA has released a software update for NVIDIA DGX Spark.<div>To protect your system, download and install the latest version of NVIDIA DGX OS from the <a href="https://www.nvidia.com/en-us/products/workstations/dgx-spark/">NVIDIA DGX</a> site.</div> | |
| 2025-11-17 | CWE-121 NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA Triton Inference Server - November 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-10-09 | CWE-824 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - October 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-10-09 | CWE-125 NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service. Security Bulletin: NVIDIA GPU Display Driver - October 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-10-09 | CWE-476 NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer deference. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - October 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-10-09 | CWE-476 NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - October 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-10-09 | CWE-476 NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - October 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-10-09 | CWE-415 NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. Security Bulletin: NVIDIA GPU Display Driver - October 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-09-23 | CWE-476 NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-125 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-121 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running <br/>cuobjdump. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-129 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-122 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-787 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-125 NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in array index calculations. A successful exploit of this vulnerability may lead to denial of service. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-125 NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-125 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-125 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability may lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-23 | CWE-125 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - September 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. <div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2025-09-16 | CWE-284 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python backend. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA Triton Inference Server - September 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-09-16 | CWE-787 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA Triton Inference Server - September 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-08-04 | CWE-125 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure. Security Bulletin: NVIDIA Triton Inference Server - August 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-08-04 | CWE-125 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure. Security Bulletin: NVIDIA Triton Inference Server - August 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-08-04 | CWE-789 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA Triton Inference Server - August 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-08-04 | CWE-190 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA Triton Inference Server - August 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-08-04 | CWE-190 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA Triton Inference Server - August 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-08-04 | CWE-805 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure. Security Bulletin: NVIDIA Triton Inference Server - August 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-08-04 | CWE-805 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure. Security Bulletin: NVIDIA Triton Inference Server - August 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-08-04 | CWE-121 NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering. Security Bulletin: NVIDIA Triton Inference Server - August 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-08-04 | CWE-121 NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA Triton Inference Server - August 2025 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2025-07-24 | CWE-121 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering. Security Bulletin: GPU Display Driver - July 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-07-24 | CWE-121 NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Security Bulletin: GPU Display Driver - July 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-07-24 | CWE-416 NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. Security Bulletin: GPU Display Driver - July 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-07-24 | CWE-367 NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering. Security Bulletin: GPU Display Driver - July 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-02-18 | CWE-476 NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause a NULL pointer exception by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - January 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2025-02-18 | CWE-125 NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - January 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2025-02-18 | CWE-125 NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - January 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2025-02-18 | CWE-125 NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - January 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2025-02-18 | CWE-125 NVIDIA CUDA toolkit for Windows contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - January 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2025-02-18 | CWE-125 NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - January 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2025-02-18 | CWE-125 NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - January 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2025-02-18 | CWE-125 NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - January 2025 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2025-02-11 | CWE-122 NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. Security Bulletin: NVIDIA nvJPEG2000 - February 2025 NVIDIA has released a software update for NVIDIA® nvJPEG2000 to address the issues listed below.<br> To protect your system, download and install this software update from <a href="https://developer.nvidia.com/nvjpeg2000-downloads">nvJPEG2000 Downloads</a> page. | |
| 2025-02-11 | CWE-120 NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG 2000 file. A successful exploit of this vulnerability might lead to data tampering. Security Bulletin: NVIDIA nvJPEG2000 - February 2025 NVIDIA has released a software update for NVIDIA® nvJPEG2000 to address the issues listed below.<br> To protect your system, download and install this software update from <a href="https://developer.nvidia.com/nvjpeg2000-downloads">nvJPEG2000 Downloads</a> page. | |
| 2025-02-11 | CWE-787 NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. Security Bulletin: NVIDIA nvJPEG2000 - February 2025 NVIDIA has released a software update for NVIDIA® nvJPEG2000 to address the issues listed below.<br> To protect your system, download and install this software update from <a href="https://developer.nvidia.com/nvjpeg2000-downloads">nvJPEG2000 Downloads</a> page. | |
| 2025-02-11 | CWE-787 NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. Security Bulletin: NVIDIA nvJPEG2000 - February 2025 NVIDIA has released a software update for NVIDIA® nvJPEG2000 to address the issues listed below.<br> To protect your system, download and install this software update from <a href="https://developer.nvidia.com/nvjpeg2000-downloads">nvJPEG2000 Downloads</a> page. | |
| 2025-01-30 | CWE-459 NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. Security Bulletin: NVIDIA GPU Display Driver - January 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2025-01-30 | CWE-120 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - January 2025 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-12-05 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - October 2024 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-12-05 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - October 2024 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-12-05 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - October 2024 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-12-05 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - October 2024 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-12-05 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - October 2024 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-10-02 | CWE-476 NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. Security Bulletin: NVIDIA CUDA Toolkit - October 2024 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2024-09-30 | CWE-125 NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service. Security Bulletin: NVIDIA Triton Inference Server - September 2024 NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the <a href="https://github.com/triton-inference-server/server/releases">Triton Inference Server Releases</a> page on GitHub, and view the <a href="https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/deploy.md">Secure Deployment Considerations Guide</a>. | |
| 2024-08-29 | CWE-125 NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service. Security Bulletin: NVIDIA CUDA Toolkit - August 2024 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2024-07-11 | CWE-125 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service. Security Bulletin: NVIDIA CUDA Toolkit - July 2024 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2024-07-09 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - July 2024 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-06-06 | CWE-787 NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - June 2024 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-06-06 | CWE-476 NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin. Security Bulletin: NVIDIA GPU Display Driver - June 2024 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-02-28 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - February 2024 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2024-02-08 | CWE-122 NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2024-02-08 | CWE-120 NVIDIA DGX Station A100 and DGX Station A800 BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2024-02-08 | CWE-120 NVIDIA DGX Station A100 and DGX Station A800 BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2024-02-08 | CWE-120 NVIDIA DGX Station A100 and DGX Station A800 BMC contains a vulnerability in libwebsocket, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2024-02-08 | CWE-120 NVIDIA DGX Station A100 and DGX Station A800 BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges. Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2024-02-08 | CWE-120 NVIDIA DGX Station A100 and DGX Station A800 baseboard management controller (BMC) contains a vulnerability in the Intelligent Platform Management Interface (IPMI) handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2024-01-25 | CWE-122 NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA DGX A100 - January 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2024-01-25 | CWE-121 NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA DGX A100 - January 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2024-01-25 | CWE-121 NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA DGX A100 - January 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2024-01-25 | CWE-121 NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA DGX A100 - January 2024 NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems.<br>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>. | |
| 2023-08-28 | CWE-121 NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA DGX H100 - August 2023 NVIDIA has released a firmware security update for the NVIDIA DGX™ H100 system. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-07-14 | CWE-788 NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components. Security Bulletin: NVIDIA DGX-1 - April 2023 NVIDIA has released a security update for NVIDIA DGX-1 firmware. This update addresses an issue that may lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure, data tampering, and SecureBoot bypass.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-07-14 | CWE-120 NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC, where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. Security Bulletin: NVIDIA DGX-1 - April 2023 NVIDIA has released a security update for NVIDIA DGX-1 firmware. This update addresses an issue that may lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure, data tampering, and SecureBoot bypass.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-06-29 | CWE-476 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - June 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-06-26 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service. Security Bulletin: NVIDIA GPU Display Driver - June 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-04-21 | CWE-125 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. Security Bulletin: NVIDIA CUDA Toolkit - April 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-04-21 | CWE-125 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. Security Bulletin: NVIDIA CUDA Toolkit - April 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-04-21 | CWE-125 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. Security Bulletin: NVIDIA CUDA Toolkit - April 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-04-21 | CWE-476 NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. Security Bulletin: NVIDIA CUDA Toolkit - April 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-03-31 | CWE-122 NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. Security Bulletin: NVIDIA DCGM - March 2023 NVIDIA has released a software update for NVIDIA® Data Center GPU Manager (DCGM). The update addresses security issues that may lead to denial of service and data tampering. To protect your system, <a href="https://developer.nvidia.com/dcgm#Downloads">download and install the latest DCGM release from the CUDA repositories</a>. | |
| 2023-03-30 | CWE-787 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-119 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-476 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-119 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause an out-of-bounds read, which may lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-125 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-787 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-23 | CWE-788 NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. Security Bulletin: NVIDIA DGX-2, DGX Station A100, and DGX A100 - March 2023 NVIDIA has released a firmware security update for the NVIDIA DGX-2™ server, DGX A100 server, and DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-03-23 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX-2, DGX Station A100, and DGX A100 - March 2023 NVIDIA has released a firmware security update for the NVIDIA DGX-2™ server, DGX A100 server, and DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-03-23 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX-2, DGX Station A100, and DGX A100 - March 2023 NVIDIA has released a firmware security update for the NVIDIA DGX-2™ server, DGX A100 server, and DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-03-01 | CWE-125 NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. Security Bulletin: NVIDIA CUDA Toolkit - March 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to denial of service or information disclosure.<div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2023-01-25 | CWE-121 NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised data integrity and confidentiality, and denial of service. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson AGX Orin Series - January 2023 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, and Jetson AGX Orin series in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to escalation of privileges, compromised data integrity and confidentiality, and denial of service. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. | |
| 2023-01-10 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-787 NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, loss of data integrity, or information disclosure. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-120 NVIDIA BMC contains a vulnerability in libwebsocket, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-120 NVIDIA baseboard management controller (BMC) contains a vulnerability in the Intelligent Platform Management Interface (IPMI) handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2022-12-20 | CWE-345 NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-787 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-125 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-197 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-197 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-190 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-11-30 | CWE-121 NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - November 2022 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to denial of service, escalation of privileges, and impact to data integrity and confidentiality. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. | |
| 2022-10-05 | CWE-121 NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. Security Bulletin: NVIDIA CUDA Toolkit - October 2022 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, denial of service, or information disclosure.<div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2022-08-29 | CWE-1284 NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022 NVIDIA has released a software update for MLNX_DPDK to address a security issue that may lead to denial of service, and some impact to data integrity and confidentiality.<div>To protect your system, contact your NVIDIA representative to obtain the MLNX_DPDK version that contains the update and install it.</div> | |
| 2022-08-16 | CWE-476 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-20 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-06-07 | CWE-787 NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. Security Bulletin: NVIDIA DGX A100 Firmware - June 2022 NVIDIA has released a security update for NVIDIA DGX A100 firmware. This update addresses issues that may lead to information disclosure, denial of service, or escalation of privileges.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2022-06-07 | CWE-787 NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. Security Bulletin: NVIDIA DGX A100 Firmware - June 2022 NVIDIA has released a security update for NVIDIA DGX A100 firmware. This update addresses issues that may lead to information disclosure, denial of service, or escalation of privileges.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2022-06-07 | CWE-824 NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. Security Bulletin: NVIDIA DGX A100 Firmware - June 2022 NVIDIA has released a security update for NVIDIA DGX A100 firmware. This update addresses issues that may lead to information disclosure, denial of service, or escalation of privileges.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2022-05-26 | CWE-20 NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to denial of service, escalation of privileges, and impacts to data integrity and confidentiality. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. | |
| 2022-05-26 | CWE-119 NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to denial of service, escalation of privileges, and impacts to data integrity and confidentiality. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. | |
| 2022-05-26 | CWE-20 NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to denial of service, escalation of privileges, and impacts to data integrity and confidentiality. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. | |
| 2022-05-24 | CWE-476 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-05-24 | CWE-787 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-05-24 | CWE-125 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-05-24 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-05-24 | CWE-787 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-02-01 | CWE-476 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. Security Bulletin: NVIDIA GPU Display Driver - February 2022 NVIDIA has released security updates to address vulnerabilities in various products. | |
| 2022-01-12 | CWE-476 NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot. Security Bulletin: NVIDIA SHIELD TV - January 2022 NVIDIA has released a software security update for NVIDIA SHIELD® TV. This update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges. To protect your system, download and install this software update through Settings>About>System update. | |
| 2022-01-12 | CWE-690 NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service. Security Bulletin: NVIDIA SHIELD TV - January 2022 NVIDIA has released a software security update for NVIDIA SHIELD® TV. This update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges. To protect your system, download and install this software update through Settings>About>System update. | |
| 2022-01-12 | CWE-476 NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to denial of service. Security Bulletin: NVIDIA SHIELD TV - January 2022 NVIDIA has released a software security update for NVIDIA SHIELD® TV. This update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges. To protect your system, download and install this software update through Settings>About>System update. |