Vulnerabilities in NVIDIA
742 resultsVexday analysis
O portfólio de vulnerabilidades da NVIDIA reúne 693 CVEs catalogadas, com 18 classificadas como críticas e 58 surgidas nos últimos 90 dias, indicando um fluxo contínuo de descobertas que exige monitoramento ativo. Nenhuma vulnerabilidade consta atualmente no catálogo KEV da CISA, taxa que fica abaixo da média geral do catálogo, sugerindo menor pressão imediata de exploração em campo — mas não ausência de risco. A CVE mais perigosa no momento é CVE-2024-0132, com EPSS de 0,3646, o valor mais elevado observado no conjunto, o que a posiciona como prioridade de remediação. A falha mais recorrente é CWE-125 (leitura fora dos limites de buffer), padrão que tende a afetar componentes de baixo nível como drivers e firmware, onde a superfície de ataque costuma ser ampla e o impacto potencial elevado.
CVE-2021-34389MEDIUMTrusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check can EPSS 0.3%CVE-2021-34372HIGHTrusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing codEPSS 0.3%CVE-2026-24149HIGHNVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injeEPSS 0.3%CVE-2026-24154HIGHNVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguEPSS 0.3%CVE-2022-42260HIGHNVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VEPSS 0.3%CVE-2022-28193MEDIUMNVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted daEPSS 0.3%CVE-2022-42274HIGHNVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service EPSS 0.3%CVE-2022-42271HIGHNVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service EPSS 0.3%CVE-2021-34373HIGHTrusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflowEPSS 0.3%CVE-2025-33203HIGHNVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request ForEPSS 0.3%CVE-2022-28191MEDIUMNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggerEPSS 0.3%CVE-2025-33215MEDIUMNVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointeEPSS 0.3%CVE-2025-33216MEDIUMNVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculationEPSS 0.3%CVE-2021-1098HIGHNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driveEPSS 0.3%CVE-2021-1097HIGHNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a EPSS 0.3%CVE-2021-1081HIGHNVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input lengtEPSS 0.3%CVE-2022-34673MEDIUMNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lEPSS 0.3%CVE-2023-0198MEDIUMNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bEPSS 0.3%CVE-2021-1084HIGHNVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length EPSS 0.3%CVE-2021-1082HIGHNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which mayEPSS 0.3%