CVE-2023-25524
https://notcve.org/view.php?id=CVE-2023-25524
NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5472 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVE-2023-25523
https://notcve.org/view.php?id=CVE-2023-25523
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. NVIDIA CUDA toolkit para Linux y Windows contiene una vulnerabilidad en el archivo binario "nvdisasm", donde un atacante puede provocar una desviación del puntero NULL proporcionando al usuario un archivo ELF manipulado. Una explotación exitosa de esta vulnerabilidad puede conducir a una denegación parcial de servicio. • https://nvidia.custhelp.com/app/answers/detail/a_id/5469 • CWE-476: NULL Pointer Dereference •
CVE-2023-25522
https://notcve.org/view.php?id=CVE-2023-25522
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5461 • CWE-20: Improper Input Validation •
CVE-2023-25521
https://notcve.org/view.php?id=CVE-2023-25521
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5461 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2023-25517
https://notcve.org/view.php?id=CVE-2023-25517
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5468 • CWE-285: Improper Authorization •