Vulnerabilities > Nvidia > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-25525 Unspecified vulnerability in Nvidia Cumulus Linux 5.5.0
NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded.
network
low complexity
nvidia
7.5
2023-09-20 CVE-2023-25527 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory.
local
low complexity
nvidia CWE-119
7.8
2023-09-20 CVE-2023-25529 Information Exposure Through Discrepancy vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses.
network
high complexity
nvidia CWE-203
8.1
2023-09-20 CVE-2023-25532 Insufficiently Protected Credentials vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials.
network
low complexity
nvidia CWE-522
7.5
2023-09-20 CVE-2023-31008 Improper Input Validation vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation.
local
low complexity
nvidia CWE-20
7.8
2023-09-12 CVE-2023-25519 Unspecified vulnerability in Nvidia products
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error.
local
low complexity
nvidia
7.8
2023-07-04 CVE-2023-25516 Integer Overflow or Wraparound vulnerability in Nvidia GPU Display Driver
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.
local
low complexity
nvidia CWE-190
7.1
2023-07-04 CVE-2023-25517 Unspecified vulnerability in Nvidia GPU Display Driver 13.0/15.0
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.
local
low complexity
nvidia
7.1
2023-07-04 CVE-2023-25521 Improper Privilege Management vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed.
local
low complexity
nvidia CWE-269
7.8
2023-07-04 CVE-2023-25522 Improper Input Validation vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format.
local
low complexity
nvidia CWE-20
7.8