2022 Bulletins
Search CVEs in this year by count, description, or CWE
Bulletins: 11
CVEs: 37
Search by bulletin count, CVE count, CVE description, or CWE.
Matching CVEs: 37
No matching CVEs found.
| Date | Scope | CVE / Details |
|---|---|---|
| 2023-01-10 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-787 NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, loss of data integrity, or information disclosure. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-120 NVIDIA BMC contains a vulnerability in libwebsocket, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-01-10 | CWE-120 NVIDIA baseboard management controller (BMC) contains a vulnerability in the Intelligent Platform Management Interface (IPMI) handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX A100 Server and DGX Station A100 - December 2022 NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2022-12-20 | CWE-345 NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-787 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-125 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-197 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-197 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-190 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-12-20 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - November 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-11-30 | CWE-121 NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - November 2022 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to denial of service, escalation of privileges, and impact to data integrity and confidentiality. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. | |
| 2022-10-05 | CWE-121 NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. Security Bulletin: NVIDIA CUDA Toolkit - October 2022 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, denial of service, or information disclosure.<div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2022-08-29 | CWE-1284 NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022 NVIDIA has released a software update for MLNX_DPDK to address a security issue that may lead to denial of service, and some impact to data integrity and confidentiality.<div>To protect your system, contact your NVIDIA representative to obtain the MLNX_DPDK version that contains the update and install it.</div> | |
| 2022-08-16 | CWE-476 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-20 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-125 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-08-16 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. Security Bulletin: NVIDIA GPU Display Driver - August 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.<br><div><br></div><div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.</div> | |
| 2022-06-07 | CWE-787 NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. Security Bulletin: NVIDIA DGX A100 Firmware - June 2022 NVIDIA has released a security update for NVIDIA DGX A100 firmware. This update addresses issues that may lead to information disclosure, denial of service, or escalation of privileges.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2022-06-07 | CWE-787 NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. Security Bulletin: NVIDIA DGX A100 Firmware - June 2022 NVIDIA has released a security update for NVIDIA DGX A100 firmware. This update addresses issues that may lead to information disclosure, denial of service, or escalation of privileges.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2022-06-07 | CWE-824 NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. Security Bulletin: NVIDIA DGX A100 Firmware - June 2022 NVIDIA has released a security update for NVIDIA DGX A100 firmware. This update addresses issues that may lead to information disclosure, denial of service, or escalation of privileges.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2022-05-26 | CWE-20 NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to denial of service, escalation of privileges, and impacts to data integrity and confidentiality. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. | |
| 2022-05-26 | CWE-119 NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to denial of service, escalation of privileges, and impacts to data integrity and confidentiality. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. | |
| 2022-05-26 | CWE-20 NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to denial of service, escalation of privileges, and impacts to data integrity and confidentiality. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. | |
| 2022-05-24 | CWE-476 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-05-24 | CWE-787 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-05-24 | CWE-125 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-05-24 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-05-24 | CWE-787 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - May 2022 NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, information disclosure, or data tampering.<div>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software update, through the NVIDIA Licensing Portal.</div> | |
| 2022-02-01 | CWE-476 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. Security Bulletin: NVIDIA GPU Display Driver - February 2022 NVIDIA has released security updates to address vulnerabilities in various products. | |
| 2022-01-12 | CWE-476 NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot. Security Bulletin: NVIDIA SHIELD TV - January 2022 NVIDIA has released a software security update for NVIDIA SHIELD® TV. This update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges. To protect your system, download and install this software update through Settings>About>System update. | |
| 2022-01-12 | CWE-690 NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service. Security Bulletin: NVIDIA SHIELD TV - January 2022 NVIDIA has released a software security update for NVIDIA SHIELD® TV. This update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges. To protect your system, download and install this software update through Settings>About>System update. | |
| 2022-01-12 | CWE-476 NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to denial of service. Security Bulletin: NVIDIA SHIELD TV - January 2022 NVIDIA has released a software security update for NVIDIA SHIELD® TV. This update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges. To protect your system, download and install this software update through Settings>About>System update. |