2023 Bulletins
Search CVEs in this year by count, description, or CWE
Bulletins: 10
CVEs: 23
Search by bulletin count, CVE count, CVE description, or CWE.
Matching CVEs: 23
No matching CVEs found.
| Date | Scope | CVE / Details |
|---|---|---|
| 2023-08-28 | CWE-121 NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA DGX H100 - August 2023 NVIDIA has released a firmware security update for the NVIDIA DGX™ H100 system. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.<br><div><br></div><div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-07-14 | CWE-788 NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components. Security Bulletin: NVIDIA DGX-1 - April 2023 NVIDIA has released a security update for NVIDIA DGX-1 firmware. This update addresses an issue that may lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure, data tampering, and SecureBoot bypass.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-07-14 | CWE-120 NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC, where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. Security Bulletin: NVIDIA DGX-1 - April 2023 NVIDIA has released a security update for NVIDIA DGX-1 firmware. This update addresses an issue that may lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure, data tampering, and SecureBoot bypass.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-06-29 | CWE-476 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. Security Bulletin: NVIDIA CUDA Toolkit - June 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-06-26 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service. Security Bulletin: NVIDIA GPU Display Driver - June 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-04-21 | CWE-125 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. Security Bulletin: NVIDIA CUDA Toolkit - April 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-04-21 | CWE-125 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. Security Bulletin: NVIDIA CUDA Toolkit - April 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-04-21 | CWE-125 NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. Security Bulletin: NVIDIA CUDA Toolkit - April 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-04-21 | CWE-476 NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. Security Bulletin: NVIDIA CUDA Toolkit - April 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page. | |
| 2023-03-31 | CWE-122 NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. Security Bulletin: NVIDIA DCGM - March 2023 NVIDIA has released a software update for NVIDIA® Data Center GPU Manager (DCGM). The update addresses security issues that may lead to denial of service and data tampering. To protect your system, <a href="https://developer.nvidia.com/dcgm#Downloads">download and install the latest DCGM release from the CUDA repositories</a>. | |
| 2023-03-30 | CWE-787 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-119 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-476 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-119 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause an out-of-bounds read, which may lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-125 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-787 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-30 | CWE-787 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering. Security Bulletin: NVIDIA GPU Display Driver - March 2023 NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin.<br>To protect your system, download and install this software update through the <a href="https://www.nvidia.com/Download/index.aspx">NVIDIA Driver Downloads</a> page or, for the vGPU software and Cloud Gaming updates, through the <a href="https://www.nvidia.com/content/nvidia/en-us/cloud-gaming/cloud-gaming-downloads.html">NVIDIA Licensing Portal</a>. | |
| 2023-03-23 | CWE-788 NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. Security Bulletin: NVIDIA DGX-2, DGX Station A100, and DGX A100 - March 2023 NVIDIA has released a firmware security update for the NVIDIA DGX-2™ server, DGX A100 server, and DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-03-23 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX-2, DGX Station A100, and DGX A100 - March 2023 NVIDIA has released a firmware security update for the NVIDIA DGX-2™ server, DGX A100 server, and DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-03-23 | CWE-120 NVIDIA BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to denial of service or code execution. Security Bulletin: NVIDIA DGX-2, DGX Station A100, and DGX A100 - March 2023 NVIDIA has released a firmware security update for the NVIDIA DGX-2™ server, DGX A100 server, and DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering.<div>To protect your system, download and install this firmware update through the <a href="https://nvid.nvidia.com/dashboard/">NVIDIA Enterprise Support Portal</a>.</div> | |
| 2023-03-01 | CWE-125 NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. Security Bulletin: NVIDIA CUDA Toolkit - March 2023 NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to denial of service or information disclosure.<div>To protect your system, download and install this software update from the <a href="https://developer.nvidia.com/cuda-toolkit">CUDA Toolkit Downloads</a> page.</div> | |
| 2023-01-25 | CWE-121 NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised data integrity and confidentiality, and denial of service. Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson AGX Orin Series - January 2023 NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, and Jetson AGX Orin series in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to escalation of privileges, compromised data integrity and confidentiality, and denial of service. To protect your system, download and install the latest NVIDIA JetPack SDK from <a href="https://developer.nvidia.com/embedded/downloads">NVIDIA DevZone</a>. |