Vulnerabilities > Nvidia > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-25525 | Unspecified vulnerability in Nvidia Cumulus Linux 5.5.0 NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. | 7.5 |
| 2023-09-20 | CVE-2023-25527 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia DGX H100 Firmware NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. | 7.8 |
| 2023-09-20 | CVE-2023-25529 | Information Exposure Through Discrepancy vulnerability in Nvidia DGX H100 Firmware NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. | 8.1 |
| 2023-09-20 | CVE-2023-25532 | Insufficiently Protected Credentials vulnerability in Nvidia DGX H100 Firmware NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. | 7.5 |
| 2023-09-20 | CVE-2023-31008 | Improper Input Validation vulnerability in Nvidia DGX H100 Firmware NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. | 7.8 |
| 2023-09-12 | CVE-2023-25519 | Unspecified vulnerability in Nvidia products NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. | 7.8 |
| 2023-07-04 | CVE-2023-25516 | Integer Overflow or Wraparound vulnerability in Nvidia GPU Display Driver NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service. | 7.1 |
| 2023-07-04 | CVE-2023-25517 | Unspecified vulnerability in Nvidia GPU Display Driver NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. | 7.1 |
| 2023-07-04 | CVE-2023-25521 | Improper Privilege Management vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. | 7.8 |
| 2023-07-04 | CVE-2023-25522 | Improper Input Validation vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. | 7.8 |