Search criteria

759 vulnerabilities by nvidia

CVE-2026-24270 (GCVE-0-2026-24270)

Vulnerability from cvelistv5 – Published: 2026-07-01 15:12 – Updated: 2026-07-01 15:56
VLAI?
Summary
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
Impacted products
Vendor Product Version
NVIDIA AIStore framework Affected: 0 - 4.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24270",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:55:58.840378Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:56:06.586Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All"
          ],
          "product": "AIStore framework",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "0 - 4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
            }
          ],
          "value": "NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service, escalation of privileges, information disclosure, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T15:12:00.415Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24270"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24270"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5849"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24270",
    "datePublished": "2026-07-01T15:12:00.415Z",
    "dateReserved": "2026-01-21T19:09:49.054Z",
    "dateUpdated": "2026-07-01T15:56:06.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24266 (GCVE-0-2026-24266)

Vulnerability from cvelistv5 – Published: 2026-07-01 15:11 – Updated: 2026-07-01 15:55
VLAI?
Summary
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA Triton Inference Server Affected: 0.0 - 26.03
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24266",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:55:34.531343Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:55:42.553Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Triton Inference Server",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "0.0 - 26.03"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T15:11:30.422Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24266"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24266"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5848"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24266",
    "datePublished": "2026-07-01T15:11:30.422Z",
    "dateReserved": "2026-01-21T19:09:49.054Z",
    "dateUpdated": "2026-07-01T15:55:42.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24264 (GCVE-0-2026-24264)

Vulnerability from cvelistv5 – Published: 2026-07-01 15:11 – Updated: 2026-07-01 15:55
VLAI?
Summary
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
CWE
  • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
Impacted products
Vendor Product Version
NVIDIA Triton Inference Server Affected: 0.0 - 26.03
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24264",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:55:06.799523Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:55:16.556Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Triton Inference Server",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "0.0 - 26.03"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-409",
              "description": "CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T15:11:08.653Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24264"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24264"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5848"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24264",
    "datePublished": "2026-07-01T15:11:08.653Z",
    "dateReserved": "2026-01-21T19:09:49.054Z",
    "dateUpdated": "2026-07-01T15:55:16.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24251 (GCVE-0-2026-24251)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:58 – Updated: 2026-07-01 15:54
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:54:41.899683Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:54:49.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:58:48.711Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24251"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24251"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24251",
    "datePublished": "2026-07-01T14:58:48.711Z",
    "dateReserved": "2026-01-21T19:09:48.283Z",
    "dateUpdated": "2026-07-01T15:54:49.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24250 (GCVE-0-2026-24250)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:58 – Updated: 2026-07-01 15:54
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24250",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:54:11.357141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:54:21.738Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:58:22.971Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24250"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24250"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24250",
    "datePublished": "2026-07-01T14:58:22.971Z",
    "dateReserved": "2026-01-21T19:09:47.375Z",
    "dateUpdated": "2026-07-01T15:54:21.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24249 (GCVE-0-2026-24249)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:57 – Updated: 2026-07-01 15:57
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:57:02.636671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:57:54.343Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:57:40.156Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24249"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24249"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24249",
    "datePublished": "2026-07-01T14:57:40.156Z",
    "dateReserved": "2026-01-21T19:09:47.375Z",
    "dateUpdated": "2026-07-01T15:57:54.343Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24248 (GCVE-0-2026-24248)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:57 – Updated: 2026-07-01 15:58
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24248",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:58:23.907367Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:58:34.670Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:57:15.559Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24248"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24248"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24248",
    "datePublished": "2026-07-01T14:57:15.559Z",
    "dateReserved": "2026-01-21T19:09:47.375Z",
    "dateUpdated": "2026-07-01T15:58:34.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24247 (GCVE-0-2026-24247)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:56 – Updated: 2026-07-01 15:59
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24247",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:58:58.738086Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:59:10.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:56:43.115Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24247"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24247"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24247",
    "datePublished": "2026-07-01T14:56:43.115Z",
    "dateReserved": "2026-01-21T19:09:47.375Z",
    "dateUpdated": "2026-07-01T15:59:10.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24246 (GCVE-0-2026-24246)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:56 – Updated: 2026-07-01 15:59
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24246",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:59:33.583373Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:59:51.577Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:56:10.358Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24246"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24246"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24246",
    "datePublished": "2026-07-01T14:56:10.358Z",
    "dateReserved": "2026-01-21T19:09:47.375Z",
    "dateUpdated": "2026-07-01T15:59:51.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24245 (GCVE-0-2026-24245)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:55 – Updated: 2026-07-01 15:56
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24245",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:56:28.421678Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:56:36.525Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:55:42.442Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24245"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24245"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24245",
    "datePublished": "2026-07-01T14:55:42.442Z",
    "dateReserved": "2026-01-21T19:09:47.375Z",
    "dateUpdated": "2026-07-01T15:56:36.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24244 (GCVE-0-2026-24244)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:53 – Updated: 2026-07-01 16:01
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24244",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T16:00:55.160505Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T16:01:05.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:53:08.726Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24244"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24244"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24244",
    "datePublished": "2026-07-01T14:53:08.726Z",
    "dateReserved": "2026-01-21T19:09:47.375Z",
    "dateUpdated": "2026-07-01T16:01:05.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24243 (GCVE-0-2026-24243)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:49 – Updated: 2026-07-01 16:01
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24243",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T16:01:31.979105Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T16:01:43.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:49:30.711Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24243"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24243"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24243",
    "datePublished": "2026-07-01T14:49:30.711Z",
    "dateReserved": "2026-01-21T19:09:47.375Z",
    "dateUpdated": "2026-07-01T16:01:43.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24242 (GCVE-0-2026-24242)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:48 – Updated: 2026-07-01 16:02
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24242",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T16:02:02.255999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T16:02:13.255Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:48:44.441Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24242"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24242"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24242",
    "datePublished": "2026-07-01T14:48:44.441Z",
    "dateReserved": "2026-01-21T19:09:47.374Z",
    "dateUpdated": "2026-07-01T16:02:13.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24240 (GCVE-0-2026-24240)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:43 – Updated: 2026-07-01 16:02
VLAI?
Summary
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24240",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T16:02:32.403467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T16:02:40.142Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "Megatron-Bridge",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:43:24.661Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24240"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24240"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24240",
    "datePublished": "2026-07-01T14:43:24.661Z",
    "dateReserved": "2026-01-21T19:09:37.973Z",
    "dateUpdated": "2026-07-01T16:02:40.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-23351 (GCVE-0-2025-23351)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:39 – Updated: 2026-07-01 16:03
VLAI?
Summary
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA BlueField GA Affected: All versions prior to 46.3008
Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
Create a notification for this product.
    NVIDIA ConnectX-4 Affected: All versions prior to 28.4702
Create a notification for this product.
    NVIDIA ConnectX-4 LX Affected: All versions prior to 32.1908
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T16:03:00.538625Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T16:03:10.537Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BlueField-2(46)",
            "BlueField-3(46)"
          ],
          "product": "BlueField GA",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 46.3008"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BlueField-2(35)"
          ],
          "product": "BlueField LTS22",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 35.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BlueField-2(39)",
            "BlueField-3(39)"
          ],
          "product": "BlueField LTS23",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 39.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BlueField-2(43)",
            "BlueField-3(43)"
          ],
          "product": "BlueField LTS24",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 43.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ConnectX-6 DE",
            "ConnectX-6 DX",
            "ConnectX-6 LX",
            "ConnectX-7",
            "ConnectX-8"
          ],
          "product": "ConnectX GA",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 46.3008"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ConnectX-5*",
            "ConnectX-6*",
            "ConnectX-6 DE",
            "ConnectX-6 DX",
            "ConnectX-6 LX",
            "ConnectX-7"
          ],
          "product": "ConnectX LTS22",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 35.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ConnectX-6*",
            "ConnectX-6 DE",
            "ConnectX-6 DX",
            "ConnectX-6 LX",
            "ConnectX-7"
          ],
          "product": "ConnectX LTS23",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 39.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ConnectX-6*",
            "ConnectX-6 DE",
            "ConnectX-6 DX",
            "ConnectX-6 LX",
            "ConnectX-7"
          ],
          "product": "ConnectX LTS24",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 43.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "N/A(28)"
          ],
          "product": "ConnectX-4",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 28.4702"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "N/A(32)"
          ],
          "product": "ConnectX-4 LX",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 32.1908"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:39:03.200Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23351"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23351"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-23351",
    "datePublished": "2026-07-01T14:39:03.200Z",
    "dateReserved": "2025-01-14T01:07:21.737Z",
    "dateUpdated": "2026-07-01T16:03:10.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-23350 (GCVE-0-2025-23350)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:36 – Updated: 2026-07-01 16:03
VLAI?
Summary
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA BlueField GA Affected: All versions prior to 46.3008
Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23350",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T16:03:24.450922Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T16:03:30.696Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BlueField-2(46)",
            "BlueField-3(46)"
          ],
          "product": "BlueField GA",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 46.3008"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BlueField-2(35)"
          ],
          "product": "BlueField LTS22",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 35.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BlueField-2(39)",
            "BlueField-3(39)"
          ],
          "product": "BlueField LTS23",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 39.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BlueField-2(43)",
            "BlueField-3(43)"
          ],
          "product": "BlueField LTS24",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 43.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ConnectX-6 DE",
            "ConnectX-6 DX",
            "ConnectX-6 LX",
            "ConnectX-7",
            "ConnectX-8"
          ],
          "product": "ConnectX GA",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 46.3008"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ConnectX-5*",
            "ConnectX-6*",
            "ConnectX-6 DE",
            "ConnectX-6 DX",
            "ConnectX-6 LX",
            "ConnectX-7"
          ],
          "product": "ConnectX LTS22",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 35.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ConnectX-6*",
            "ConnectX-6 DE",
            "ConnectX-6 DX",
            "ConnectX-6 LX",
            "ConnectX-7"
          ],
          "product": "ConnectX LTS23",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 39.8002"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ConnectX-6*",
            "ConnectX-6 DE",
            "ConnectX-6 DX",
            "ConnectX-6 LX",
            "ConnectX-7"
          ],
          "product": "ConnectX LTS24",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 43.8002"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:36:19.755Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23350"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23350"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-23350",
    "datePublished": "2026-07-01T14:36:19.755Z",
    "dateReserved": "2025-01-14T01:07:21.737Z",
    "dateUpdated": "2026-07-01T16:03:30.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24260 (GCVE-0-2026-24260)

Vulnerability from cvelistv5 – Published: 2026-07-01 14:34 – Updated: 2026-07-02 03:57
VLAI?
Summary
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.
CWE
  • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
Impacted products
Vendor Product Version
NVIDIA Container Toolkit Affected: All versions up to and including 1.19.0
Create a notification for this product.
    NVIDIA GPU Operator Affected: All versions up to and including 26.3.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T03:57:33.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Container Toolkit",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions up to and including 1.19.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "GPU Operator",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions up to and including 26.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering."
            }
          ],
          "value": "NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T14:34:54.537Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24260"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24260"
        },
        {
          "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5850"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24260",
    "datePublished": "2026-07-01T14:34:54.537Z",
    "dateReserved": "2026-01-21T19:09:48.284Z",
    "dateUpdated": "2026-07-02T03:57:33.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24228 (GCVE-0-2026-24228)

Vulnerability from cvelistv5 – Published: 2026-06-16 16:09 – Updated: 2026-06-17 03:55
VLAI?
Summary
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA NeMo Framework Affected: Versions 0.0 to 2.7.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24228",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T03:55:56.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "NeMo Framework",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 2.7.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, information disclosure, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:09:39.524Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24228"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24228"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5839"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24228",
    "datePublished": "2026-06-16T16:09:12.282Z",
    "dateReserved": "2026-01-21T19:09:36.965Z",
    "dateUpdated": "2026-06-17T03:55:56.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24155 (GCVE-0-2026-24155)

Vulnerability from cvelistv5 – Published: 2026-06-16 16:08 – Updated: 2026-06-17 03:55
VLAI?
Summary
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
NVIDIA NeMo Framework Affected: Versions 0.0 to 2.7.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24155",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T03:55:57.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All platforms"
          ],
          "product": "NeMo Framework",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 0.0 to 2.7.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."
            }
          ],
          "value": "NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, escalation of privileges, information disclosure, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T16:08:40.609Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24155"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24155"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5839"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24155",
    "datePublished": "2026-06-16T16:08:40.609Z",
    "dateReserved": "2026-01-21T19:09:29.851Z",
    "dateUpdated": "2026-06-17T03:55:57.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24180 (GCVE-0-2026-24180)

Vulnerability from cvelistv5 – Published: 2026-06-09 16:11 – Updated: 2026-06-09 23:39
VLAI?
Summary
NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
NVIDIA DALI Affected: 0.0 - 2.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24180",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T18:26:24.398468Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T18:39:10.212Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All"
          ],
          "product": "DALI",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "0.0 - 2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
            }
          ],
          "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, data tampering, denial of service, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T23:39:14.072Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24180"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24180"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5814"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24180",
    "datePublished": "2026-06-09T16:11:40.309Z",
    "dateReserved": "2026-01-21T19:09:31.779Z",
    "dateUpdated": "2026-06-09T23:39:14.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24181 (GCVE-0-2026-24181)

Vulnerability from cvelistv5 – Published: 2026-06-09 16:11 – Updated: 2026-06-09 23:45
VLAI?
Summary
NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
CWE
  • CWE-129 - Improper Validation of Array Index
Assigner
Impacted products
Vendor Product Version
NVIDIA DALI Affected: 0.0 - 2.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T18:25:44.888173Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T18:39:15.861Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All"
          ],
          "product": "DALI",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "0.0 - 2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
            }
          ],
          "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, data tampering, denial of service, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "CWE-129 Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T23:45:57.096Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24181"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24181"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5814"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24181",
    "datePublished": "2026-06-09T16:11:00.347Z",
    "dateReserved": "2026-01-21T19:09:32.731Z",
    "dateUpdated": "2026-06-09T23:45:57.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24237 (GCVE-0-2026-24237)

Vulnerability from cvelistv5 – Published: 2026-06-02 16:49 – Updated: 2026-06-02 18:24
VLAI?
Summary
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA NVTabular Affected: 0.0 to 5dd11f4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24237",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T18:15:44.556470Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T18:24:35.257Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All"
          ],
          "product": "NVTabular",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "0.0 to 5dd11f4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
            }
          ],
          "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, data tampering, information disclosure, denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T16:49:48.157Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24237"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24237"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5851"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24237",
    "datePublished": "2026-06-02T16:49:48.157Z",
    "dateReserved": "2026-01-21T19:09:37.973Z",
    "dateUpdated": "2026-06-02T18:24:35.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24221 (GCVE-0-2026-24221)

Vulnerability from cvelistv5 – Published: 2026-06-02 16:48 – Updated: 2026-06-02 18:24
VLAI?
Summary
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
NVIDIA NVTabular Affected: 0.0 to 5dd11f4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24221",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T18:16:08.035555Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T18:24:41.185Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All"
          ],
          "product": "NVTabular",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "0.0 to 5dd11f4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure."
            }
          ],
          "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Data tampering, information disclosure, denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T16:48:58.868Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24221"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24221"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5851"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24221",
    "datePublished": "2026-06-02T16:48:58.868Z",
    "dateReserved": "2026-01-21T19:09:36.964Z",
    "dateUpdated": "2026-06-02T18:24:41.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-33221 (GCVE-0-2025-33221)

Vulnerability from cvelistv5 – Published: 2026-05-26 17:26 – Updated: 2026-05-27 15:36
VLAI?
Summary
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
NVIDIA GeForce Affected: All driver versions prior to 595.71.05
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions prior to and including vGPU 20.0)
Create a notification for this product.
    NVIDIA Guest driver Affected: 580.126.09(All versions prior to and including vGPU 19.4)
Create a notification for this product.
    NVIDIA Guest driver Affected: 535.288.01(All versions prior to and including vGPU 16.13)
Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions up to and including the March 2026 release)
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 596.36
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected.
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 596.36
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 582.53
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 539.72
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 596.36
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 582.53
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 539.72
Create a notification for this product.
    NVIDIA Guest driver Affected: 595.97(All versions prior to and including vGPU 20.0)
Create a notification for this product.
    NVIDIA Guest driver Affected: 582.16(All versions prior to and including vGPU 19.4)
Create a notification for this product.
    NVIDIA Guest driver Affected: 539.64(All versions prior to and including vGPU 16.13)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33221",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T18:22:48.086550Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:35:34.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595 vGPU 20)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.58.03(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580 vGPU 19)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "580.126.09(All versions prior to and including vGPU 19.4)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535 vGPU 16)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "535.288.01(All versions prior to and including vGPU 16.13)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(Cloud Gaming)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.58.03(All versions up to and including the March 2026 release)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 596.36"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected."
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 596.36"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.72"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 596.36"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.72"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595 vGPU 20)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.97(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580 vGPU 19)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "582.16(All versions prior to and including vGPU 19.4)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535 vGPU 16)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "539.64(All versions prior to and including vGPU 16.13)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service."
            }
          ],
          "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Data tampering, denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:36:35.699Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33221"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33221"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-33221",
    "datePublished": "2026-05-26T17:26:29.463Z",
    "dateReserved": "2025-04-15T18:51:06.915Z",
    "dateUpdated": "2026-05-27T15:36:35.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24201 (GCVE-0-2026-24201)

Vulnerability from cvelistv5 – Published: 2026-05-26 17:25 – Updated: 2026-05-27 15:47
VLAI?
Summary
NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure.
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions up to and including the March 2026 release)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions prior to and including vGPU 20.0)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 580.126.08(All versions prior to and including vGPU 19.4)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 535.288.01(All versions prior to and including vGPU 16.13)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24201",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T18:31:33.843327Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:35:48.997Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Red Hat Enterprise Linux KVM",
            "VMware vSphere(Cloud Gaming)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.58.02(All versions up to and including the March 2026 release)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(R595 vGPU 20)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.58.02(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(R580 vGPU 19)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "580.126.08(All versions prior to and including vGPU 19.4)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(R535 vGPU 16)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "535.288.01(All versions prior to and including vGPU 16.13)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Azure Local",
            "Windows Server(R595 vGPU 20)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.94(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Azure Local",
            "Windows Server(R580 vGPU 19)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "582.16(All versions prior to and including vGPU 19.4)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure."
            }
          ],
          "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Data tampering, denial of service, information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:47:19.731Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24201"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24201"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24201",
    "datePublished": "2026-05-26T17:25:24.217Z",
    "dateReserved": "2026-01-21T19:09:34.870Z",
    "dateUpdated": "2026-05-27T15:47:19.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24200 (GCVE-0-2026-24200)

Vulnerability from cvelistv5 – Published: 2026-05-26 17:24 – Updated: 2026-05-27 15:46
VLAI?
Summary
NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions up to and including the March 2026 release)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 580.126.08(All versions prior to and including vGPU 19.4)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 535.288.01(All versions prior to and including vGPU 16.13)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24200",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T03:55:54.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Red Hat Enterprise Linux KVM",
            "VMware vSphere(Cloud Gaming)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.58.02(All versions up to and including the March 2026 release)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(R595 vGPU 20)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "580.126.08(All versions prior to and including vGPU 19.4)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(R580 vGPU 19)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "535.288.01(All versions prior to and including vGPU 16.13)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Azure Local",
            "Windows Server(R595 vGPU 20)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.94(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Azure Local",
            "Windows Server(R580 vGPU 19)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "582.16(All versions prior to and including vGPU 19.4)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:46:42.305Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24200"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24200"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24200",
    "datePublished": "2026-05-26T17:24:48.456Z",
    "dateReserved": "2026-01-21T19:09:34.080Z",
    "dateUpdated": "2026-05-27T15:46:42.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24194 (GCVE-0-2026-24194)

Vulnerability from cvelistv5 – Published: 2026-05-26 17:24 – Updated: 2026-05-27 15:41
VLAI?
Summary
NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE
  • CWE-281 - Improper Preservation of Permissions
Assigner
Impacted products
Vendor Product Version
NVIDIA GeForce Affected: All driver versions prior to 595.71.05
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions prior to and including vGPU 20.0)
Create a notification for this product.
    NVIDIA Guest driver Affected: 580.126.09(All versions prior to and including vGPU 19.4)
Create a notification for this product.
    NVIDIA Guest driver Affected: 535.288.01(All versions prior to and including vGPU 16.13)
Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions up to and including the March 2026 release)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24194",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T03:56:05.890Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595 vGPU 20)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.58.03(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580 vGPU 19)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "580.126.09(All versions prior to and including vGPU 19.4)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535 vGPU 16)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "535.288.01(All versions prior to and including vGPU 16.13)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(Cloud Gaming)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.58.03(All versions up to and including the March 2026 release)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "value": "NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-281",
              "description": "CWE-281 Improper Preservation of Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:41:55.643Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24194"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24194"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24194",
    "datePublished": "2026-05-26T17:24:13.664Z",
    "dateReserved": "2026-01-21T19:09:34.079Z",
    "dateUpdated": "2026-05-27T15:41:55.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24191 (GCVE-0-2026-24191)

Vulnerability from cvelistv5 – Published: 2026-05-26 17:23 – Updated: 2026-05-27 15:40
VLAI?
Summary
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE
  • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
Impacted products
Vendor Product Version
NVIDIA GeForce Affected: All driver versions prior to 596.36
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected.
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 596.36
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 582.53
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 539.72
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 596.36
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 582.53
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 539.72
Create a notification for this product.
    NVIDIA Guest driver Affected: 595.97(All versions prior to and including vGPU 20.0)
Create a notification for this product.
    NVIDIA Guest driver Affected: 582.16(All versions prior to and including vGPU 19.4)
Create a notification for this product.
    NVIDIA Guest driver Affected: 539.64(All versions prior to and including vGPU 16.13)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24191",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T03:56:04.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 596.36"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected."
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 596.36"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.72"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 596.36"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.72"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595 vGPU 20)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.97(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580 vGPU 19)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "582.16(All versions prior to and including vGPU 19.4)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535 vGPU 16)"
          ],
          "product": "Guest driver",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "539.64(All versions prior to and including vGPU 16.13)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Azure Local",
            "Windows Server(R595 vGPU 20)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.94(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Azure Local",
            "Windows Server(R580 vGPU 19)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "582.16(All versions prior to and including vGPU 19.4)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "value": "NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:40:06.029Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24191"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24191"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24191",
    "datePublished": "2026-05-26T17:23:25.753Z",
    "dateReserved": "2026-01-21T19:09:34.079Z",
    "dateUpdated": "2026-05-27T15:40:06.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24190 (GCVE-0-2026-24190)

Vulnerability from cvelistv5 – Published: 2026-05-26 17:22 – Updated: 2026-05-27 15:39
VLAI?
Summary
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA GeForce Affected: All driver versions prior to 595.71.05
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 596.36
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected.
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 596.36
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 582.53
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 539.72
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 596.36
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 582.53
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 539.72
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T03:56:03.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 596.36"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected."
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 596.36"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.72"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R595)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 596.36"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.72"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:39:23.833Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24190"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24190"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24190",
    "datePublished": "2026-05-26T17:22:41.269Z",
    "dateReserved": "2026-01-21T19:09:32.733Z",
    "dateUpdated": "2026-05-27T15:39:23.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24193 (GCVE-0-2026-24193)

Vulnerability from cvelistv5 – Published: 2026-05-26 17:21 – Updated: 2026-05-27 15:41
VLAI?
Summary
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA GeForce Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected.
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 582.53
Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 539.72
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 582.53
Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 539.72
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24193",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T03:56:00.847Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected."
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.72"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 582.53"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.72"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:41:19.055Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24193"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24193"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24193",
    "datePublished": "2026-05-26T17:21:42.334Z",
    "dateReserved": "2026-01-21T19:09:34.079Z",
    "dateUpdated": "2026-05-27T15:41:19.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}