Vulnerabilities > Nvidia > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-21 CVE-2021-34387 Incorrect Default Permissions vulnerability in Nvidia Jetson Linux
The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.
local
low complexity
nvidia CWE-276
6.7
2021-06-21 CVE-2021-34389 Memory Leak vulnerability in Nvidia Jetson Linux
Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs.
local
low complexity
nvidia CWE-401
5.0
2021-04-29 CVE-2021-1087 Unspecified vulnerability in Nvidia Virtual GPU Manager
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass.
local
low complexity
nvidia
5.5
2021-04-21 CVE-2021-1078 NULL Pointer Dereference vulnerability in Nvidia GPU Display Driver
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.
local
low complexity
nvidia CWE-476
5.5
2021-04-21 CVE-2021-1077 Improper Resource Shutdown or Release vulnerability in Nvidia GPU Display Driver
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
local
low complexity
nvidia CWE-404
5.5
2021-04-20 CVE-2021-1079 Unspecified vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation.
local
low complexity
nvidia
6.1
2021-01-26 CVE-2021-1071 Unspecified vulnerability in Nvidia Linux for Tegra R21.6/R24.2.2
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.
local
low complexity
nvidia
5.5
2021-01-20 CVE-2021-1069 NULL Pointer Dereference vulnerability in Nvidia Linux for Tegra and Shield Experience
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.
local
low complexity
nvidia CWE-476
6.1
2021-01-20 CVE-2021-1067 Unspecified vulnerability in Nvidia Shield Experience
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.
low complexity
nvidia
6.8
2021-01-08 CVE-2021-1066 Improper Input Validation vulnerability in Nvidia Virtual GPU Manager
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service.
local
low complexity
nvidia CWE-20
5.5