U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): nvidia
There are 500 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-34406

NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.

Published: January 18, 2022; 1:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-34405

NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.

Published: January 18, 2022; 1:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-34404

Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access to cause denial of service or impact integrity and confidentiality beyond the security scope of BROM.

Published: January 18, 2022; 1:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-34403

NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service.

Published: January 18, 2022; 1:15:07 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-34402

NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.

Published: January 18, 2022; 1:15:07 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-34401

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service.

Published: January 18, 2022; 1:15:07 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2022-22821

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.

Published: January 10, 2022; 9:12:55 AM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-23175

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.

Published: December 23, 2021; 11:15:07 AM -0500
V3.1: 8.2 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-34400

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure.

Published: November 20, 2021; 10:15:08 AM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-34399

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure.

Published: November 20, 2021; 10:15:07 AM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-23219

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access protected information, which may lead to information disclosure.

Published: November 20, 2021; 10:15:07 AM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-23217

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to instantiate a specifically timed DMA write to corrupt code execution, which may impact confidentiality, integrity, or availability.

Published: November 20, 2021; 10:15:07 AM -0500
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-23201

NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller which may allow a user with elevated privileges to generate valid microcode. This could lead to information disclosure, data corruption, or denial of service of the device.

Published: November 20, 2021; 10:15:07 AM -0500
V3.1: 8.2 HIGH
V2.0: 7.2 HIGH
CVE-2021-1125

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.

Published: November 20, 2021; 10:15:07 AM -0500
V3.1: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-1105

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure.

Published: November 20, 2021; 10:15:07 AM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-1088

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.

Published: November 20, 2021; 10:15:07 AM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-1123

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.

Published: October 29, 2021; 4:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-1122

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.

Published: October 29, 2021; 4:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-1121

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service.

Published: October 29, 2021; 4:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-1120

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.

Published: October 29, 2021; 4:15:08 PM -0400
V3.1: 7.0 HIGH
V2.0: 4.6 MEDIUM