Vulnerabilities > Nvidia > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-06 CVE-2019-5686 Improper Input Validation vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.
local
low complexity
nvidia CWE-20
4.9
2019-07-19 CVE-2019-5680 Improper Input Validation vulnerability in Nvidia Jetson TX1 Firmware
In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges.
local
low complexity
nvidia CWE-20
4.6
2019-06-05 CVE-2017-6261 Improper Input Validation vulnerability in Nvidia Vibrante Linux 1.1/2.0/2.2
NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure.
local
low complexity
nvidia CWE-20
4.6
2019-05-31 CVE-2019-5678 Improper Input Validation vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated.
local
low complexity
nvidia microsoft CWE-20
4.6
2019-05-10 CVE-2019-5677 Out-of-bounds Read vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service.
local
low complexity
nvidia CWE-125
4.9
2019-04-12 CVE-2018-6269 Incorrect Permission Assignment for Critical Resource vulnerability in Nvidia Jetson TX2 R28.1/R28.2.1
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution.
local
low complexity
nvidia CWE-732
4.6
2019-04-11 CVE-2019-5672 Key Management Errors vulnerability in Nvidia Jetson TX1 and Jetson TX2
NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure.
network
low complexity
nvidia CWE-320
6.4
2019-04-01 CVE-2018-3979 Resource Exhaustion vulnerability in multiple products
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution.
network
low complexity
canonical nvidia CWE-400
6.5
2019-03-28 CVE-2019-5674 Link Following vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled.
local
nvidia CWE-59
6.9
2019-02-27 CVE-2019-5671 Missing Release of Resource after Effective Lifetime vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service.
local
low complexity
nvidia microsoft CWE-772
4.9