Vulnerabilities > Nvidia > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2021-34403 Use After Free vulnerability in Nvidia Shield Experience
NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service.
local
low complexity
nvidia CWE-416
7.8
2022-01-18 CVE-2021-34404 Unspecified vulnerability in Nvidia Shield Experience
Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access to cause denial of service or impact integrity and confidentiality beyond the security scope of BROM.
low complexity
nvidia
7.6
2021-12-23 CVE-2021-23175 Incorrect Authorization vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
local
low complexity
nvidia CWE-863
8.2
2021-11-20 CVE-2021-23201 Unspecified vulnerability in Nvidia products
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode.
local
high complexity
nvidia
7.5
2021-11-20 CVE-2021-23217 Unspecified vulnerability in Nvidia products
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability.
local
high complexity
nvidia
7.5
2021-10-29 CVE-2021-1118 Improper Privilege Management vulnerability in Nvidia Virtual GPU
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service
local
low complexity
nvidia CWE-269
7.8
2021-10-29 CVE-2021-1119 Double Free vulnerability in Nvidia Virtual GPU
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service.
local
low complexity
nvidia CWE-415
7.1
2021-10-29 CVE-2021-1120 Unspecified vulnerability in Nvidia Virtual GPU
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated.
local
high complexity
nvidia
7.0
2021-08-13 CVE-2021-34398 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nvidia Data Center GPU Manager
NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service.
local
low complexity
nvidia CWE-829
7.8
2021-08-11 CVE-2021-1106 Out-of-bounds Write vulnerability in Nvidia Jetson Linux and Shield Experience
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.
local
low complexity
nvidia CWE-787
7.8