Vulnerabilities in NVIDIA
742 resultsVexday analysis
O portfólio de vulnerabilidades da NVIDIA reúne 693 CVEs catalogadas, com 18 classificadas como críticas e 58 surgidas nos últimos 90 dias, indicando um fluxo contínuo de descobertas que exige monitoramento ativo. Nenhuma vulnerabilidade consta atualmente no catálogo KEV da CISA, taxa que fica abaixo da média geral do catálogo, sugerindo menor pressão imediata de exploração em campo — mas não ausência de risco. A CVE mais perigosa no momento é CVE-2024-0132, com EPSS de 0,3646, o valor mais elevado observado no conjunto, o que a posiciona como prioridade de remediação. A falha mais recorrente é CWE-125 (leitura fora dos limites de buffer), padrão que tende a afetar componentes de baixo nível como drivers e firmware, onde a superfície de ataque costuma ser ampla e o impacto potencial elevado.
CVE-2022-34666MEDIUMNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilitieEPSS 0.2%CVE-2022-31615MEDIUMNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause EPSS 0.2%CVE-2025-23348HIGHNVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may caEPSS 0.2%CVE-2025-23353HIGHNVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker mEPSS 0.2%CVE-2022-42262HIGHNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may leaEPSS 0.2%CVE-2022-42287MEDIUMNVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circEPSS 0.2%CVE-2025-23354HIGHNVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker mEPSS 0.2%CVE-2025-23349HIGHNVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a EPSS 0.2%CVE-2024-53878LOWNVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a maEPSS 0.2%CVE-2025-33250HIGHNVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerabiliEPSS 0.2%CVE-2021-1086HIGHNVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resourceEPSS 0.2%CVE-2022-42291HIGH
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inaEPSS 0.2%CVE-2025-33251HIGHNVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerabiliEPSS 0.2%CVE-2025-33241HIGHNVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A EPSS 0.2%CVE-2021-1078MEDIUMNVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointEPSS 0.2%CVE-2021-1112MEDIUMNVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service.EPSS 0.2%CVE-2022-34675MEDIUMNVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-poEPSS 0.2%CVE-2021-1099HIGHNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based bufEPSS 0.2%CVE-2022-28192MEDIUMNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn mEPSS 0.2%CVE-2023-0185MEDIUMNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primiEPSS 0.2%