Vulnerabilities > Nvidia > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-15 CVE-2022-21818 Cleartext Storage of Sensitive Information vulnerability in Nvidia License System
NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in to the portal can access other users’ credentials, allowing them to gain escalated privileges, resulting in limited impact to both confidentiality and integrity.
network
low complexity
nvidia CWE-312
5.4
2022-02-07 CVE-2022-21813 Improper Handling of Exceptional Conditions vulnerability in Nvidia products
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.
local
low complexity
nvidia CWE-755
6.1
2022-02-07 CVE-2022-21814 Improper Handling of Exceptional Conditions vulnerability in Nvidia products
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.
local
low complexity
nvidia CWE-755
6.1
2022-02-07 CVE-2022-21815 NULL Pointer Dereference vulnerability in Nvidia products
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.
local
low complexity
nvidia CWE-476
5.5
2022-02-07 CVE-2022-21816 Missing Authentication for Critical Function vulnerability in Nvidia Cloud Gaming Virtual GPU and Virtual GPU
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service.
local
low complexity
nvidia CWE-306
5.5
2022-01-18 CVE-2021-34402 Out-of-bounds Write vulnerability in Nvidia Shield Experience
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges.
local
low complexity
nvidia CWE-787
6.7
2022-01-18 CVE-2021-34405 Unchecked Return Value vulnerability in Nvidia Shield Experience
NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service.
local
low complexity
nvidia CWE-252
5.5
2022-01-18 CVE-2021-34406 NULL Pointer Dereference vulnerability in Nvidia Shield Experience
NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.
local
high complexity
nvidia CWE-476
4.7
2022-01-10 CVE-2022-22821 Path Traversal vulnerability in Nvidia Nemo
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.
local
low complexity
nvidia CWE-22
4.4
2021-11-20 CVE-2021-1088 Unspecified vulnerability in Nvidia products
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.
local
low complexity
nvidia
4.4