Vulnerabilities > Nvidia > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2021-34402 Out-of-bounds Write vulnerability in Nvidia Shield Experience
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.
local
low complexity
nvidia CWE-787
6.7
2022-01-18 CVE-2021-34403 Use After Free vulnerability in Nvidia Shield Experience
NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service.
local
low complexity
nvidia CWE-416
4.6
2022-01-18 CVE-2021-34404 Unspecified vulnerability in Nvidia Shield Experience
Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access to cause denial of service or impact integrity and confidentiality beyond the security scope of BROM.
local
low complexity
nvidia
4.6
2022-01-18 CVE-2021-34405 Unchecked Return Value vulnerability in Nvidia Shield Experience
NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.
local
low complexity
nvidia CWE-252
5.5
2022-01-18 CVE-2021-34406 NULL Pointer Dereference vulnerability in Nvidia Shield Experience
NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.
local
nvidia CWE-476
4.7
2021-12-23 CVE-2021-23175 Incorrect Authorization vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
local
nvidia CWE-863
4.4
2021-11-20 CVE-2021-1125 Unspecified vulnerability in Nvidia products
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data.
local
low complexity
nvidia
4.9
2021-11-20 CVE-2021-23201 Unspecified vulnerability in Nvidia products
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode.
local
nvidia
6.9
2021-11-20 CVE-2021-23217 Unspecified vulnerability in Nvidia products
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability.
local
nvidia
6.9
2021-10-29 CVE-2021-1118 Improper Privilege Management vulnerability in Nvidia Virtual GPU
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service
local
low complexity
nvidia CWE-269
4.6