CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53872
https://notcve.org/view.php?id=CVE-2024-53872
25 Feb 2025 — NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5594 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53871
https://notcve.org/view.php?id=CVE-2024-53871
25 Feb 2025 — NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability might lead to a partial denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5594 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53870
https://notcve.org/view.php?id=CVE-2024-53870
25 Feb 2025 — NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5594 • CWE-125: Out-of-bounds Read •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0148
https://notcve.org/view.php?id=CVE-2024-0148
25 Feb 2025 — NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components. • https://nvidia.custhelp.com/app/answers/detail/a_id/5617 • CWE-447: Unimplemented or Unsupported Feature in UI •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23359 – NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23359
12 Feb 2025 — NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must firs... • https://nvidia.custhelp.com/app/answers/detail/a_id/5616 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53880
https://notcve.org/view.php?id=CVE-2024-53880
12 Feb 2025 — NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5612 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0145
https://notcve.org/view.php?id=CVE-2024-0145
12 Feb 2025 — NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5596 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0144
https://notcve.org/view.php?id=CVE-2024-0144
12 Feb 2025 — NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5596 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0143
https://notcve.org/view.php?id=CVE-2024-0143
12 Feb 2025 — NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5596 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0142
https://notcve.org/view.php?id=CVE-2024-0142
12 Feb 2025 — NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5596 • CWE-787: Out-of-bounds Write •