Search

Find a vulnerability

Search criteria

    780 vulnerabilities by NVIDIA

    CVE-2026-24270 (GCVE-0-2026-24270)

    Vulnerability from nvd – Published: 2026-07-01 15:12 – Updated: 2026-07-01 15:56
    VLAI
    Summary
    NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA AIStore framework Affected: 0 - 4.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:55:58.840378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:56:06.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "AIStore framework",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0 - 4.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
                }
              ],
              "value": "NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, escalation of privileges, information disclosure, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T15:12:00.415Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24270"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24270"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5849"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24270",
        "datePublished": "2026-07-01T15:12:00.415Z",
        "dateReserved": "2026-01-21T19:09:49.054Z",
        "dateUpdated": "2026-07-01T15:56:06.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24266 (GCVE-0-2026-24266)

    Vulnerability from nvd – Published: 2026-07-01 15:11 – Updated: 2026-07-01 15:55
    VLAI
    Summary
    NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Triton Inference Server Affected: 0.0 - 26.03
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:55:34.531343Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:55:42.553Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Triton Inference Server",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 - 26.03"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T15:11:30.422Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24266"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24266"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5848"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24266",
        "datePublished": "2026-07-01T15:11:30.422Z",
        "dateReserved": "2026-01-21T19:09:49.054Z",
        "dateUpdated": "2026-07-01T15:55:42.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24264 (GCVE-0-2026-24264)

    Vulnerability from nvd – Published: 2026-07-01 15:11 – Updated: 2026-07-01 15:55
    VLAI
    Summary
    NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Triton Inference Server Affected: 0.0 - 26.03
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:55:06.799523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:55:16.556Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Triton Inference Server",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 - 26.03"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-409",
                  "description": "CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T15:11:08.653Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24264"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24264"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5848"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24264",
        "datePublished": "2026-07-01T15:11:08.653Z",
        "dateReserved": "2026-01-21T19:09:49.054Z",
        "dateUpdated": "2026-07-01T15:55:16.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24260 (GCVE-0-2026-24260)

    Vulnerability from nvd – Published: 2026-07-01 14:34 – Updated: 2026-07-02 03:57
    VLAI
    Summary
    NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Container Toolkit Affected: All versions up to and including 1.19.0
    Create a notification for this product.
    NVIDIA GPU Operator Affected: All versions up to and including 26.3.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T03:57:33.130Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Container Toolkit",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions up to and including 1.19.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "GPU Operator",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions up to and including 26.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering."
                }
              ],
              "value": "NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:34:54.537Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24260"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24260"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5850"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24260",
        "datePublished": "2026-07-01T14:34:54.537Z",
        "dateReserved": "2026-01-21T19:09:48.284Z",
        "dateUpdated": "2026-07-02T03:57:33.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24251 (GCVE-0-2026-24251)

    Vulnerability from nvd – Published: 2026-07-01 14:58 – Updated: 2026-07-01 15:54
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:54:41.899683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:54:49.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:58:48.711Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24251"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24251"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24251",
        "datePublished": "2026-07-01T14:58:48.711Z",
        "dateReserved": "2026-01-21T19:09:48.283Z",
        "dateUpdated": "2026-07-01T15:54:49.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24250 (GCVE-0-2026-24250)

    Vulnerability from nvd – Published: 2026-07-01 14:58 – Updated: 2026-07-01 15:54
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:54:11.357141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:54:21.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:58:22.971Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24250"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24250"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24250",
        "datePublished": "2026-07-01T14:58:22.971Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:54:21.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24249 (GCVE-0-2026-24249)

    Vulnerability from nvd – Published: 2026-07-01 14:57 – Updated: 2026-07-01 15:57
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:57:02.636671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:57:54.343Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:57:40.156Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24249"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24249"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24249",
        "datePublished": "2026-07-01T14:57:40.156Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:57:54.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24248 (GCVE-0-2026-24248)

    Vulnerability from nvd – Published: 2026-07-01 14:57 – Updated: 2026-07-01 15:58
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24248",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:58:23.907367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:58:34.670Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:57:15.559Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24248"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24248"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24248",
        "datePublished": "2026-07-01T14:57:15.559Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:58:34.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24247 (GCVE-0-2026-24247)

    Vulnerability from nvd – Published: 2026-07-01 14:56 – Updated: 2026-07-01 15:59
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24247",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:58:58.738086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:59:10.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:56:43.115Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24247"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24247"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24247",
        "datePublished": "2026-07-01T14:56:43.115Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:59:10.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24246 (GCVE-0-2026-24246)

    Vulnerability from nvd – Published: 2026-07-01 14:56 – Updated: 2026-07-01 15:59
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:59:33.583373Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:59:51.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:56:10.358Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24246"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24246"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24246",
        "datePublished": "2026-07-01T14:56:10.358Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:59:51.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24245 (GCVE-0-2026-24245)

    Vulnerability from nvd – Published: 2026-07-01 14:55 – Updated: 2026-07-01 15:56
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:56:28.421678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:56:36.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:55:42.442Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24245"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24245"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24245",
        "datePublished": "2026-07-01T14:55:42.442Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:56:36.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24244 (GCVE-0-2026-24244)

    Vulnerability from nvd – Published: 2026-07-01 14:53 – Updated: 2026-07-01 16:01
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:00:55.160505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:01:05.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:53:08.726Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24244"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24244"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24244",
        "datePublished": "2026-07-01T14:53:08.726Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T16:01:05.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24243 (GCVE-0-2026-24243)

    Vulnerability from nvd – Published: 2026-07-01 14:49 – Updated: 2026-07-01 16:01
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:01:31.979105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:01:43.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:49:30.711Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24243"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24243"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24243",
        "datePublished": "2026-07-01T14:49:30.711Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T16:01:43.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24242 (GCVE-0-2026-24242)

    Vulnerability from nvd – Published: 2026-07-01 14:48 – Updated: 2026-07-01 16:02
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:02:02.255999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:02:13.255Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:48:44.441Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24242"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24242"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24242",
        "datePublished": "2026-07-01T14:48:44.441Z",
        "dateReserved": "2026-01-21T19:09:47.374Z",
        "dateUpdated": "2026-07-01T16:02:13.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24240 (GCVE-0-2026-24240)

    Vulnerability from nvd – Published: 2026-07-01 14:43 – Updated: 2026-07-01 16:02
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:02:32.403467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:02:40.142Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:43:24.661Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24240"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24240"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24240",
        "datePublished": "2026-07-01T14:43:24.661Z",
        "dateReserved": "2026-01-21T19:09:37.973Z",
        "dateUpdated": "2026-07-01T16:02:40.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23351 (GCVE-0-2025-23351)

    Vulnerability from nvd – Published: 2026-07-01 14:39 – Updated: 2026-07-01 16:03
    VLAI
    Summary
    NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX-4 Affected: All versions prior to 28.4702
    Create a notification for this product.
    NVIDIA ConnectX-4 LX Affected: All versions prior to 32.1908
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:03:00.538625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:03:10.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(46)",
                "BlueField-3(46)"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(35)"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(39)",
                "BlueField-3(39)"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(43)",
                "BlueField-3(43)"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5*",
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A(28)"
              ],
              "product": "ConnectX-4",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 28.4702"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A(32)"
              ],
              "product": "ConnectX-4 LX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 32.1908"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
                }
              ],
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:39:03.200Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23351"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23351"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23351",
        "datePublished": "2026-07-01T14:39:03.200Z",
        "dateReserved": "2025-01-14T01:07:21.737Z",
        "dateUpdated": "2026-07-01T16:03:10.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23350 (GCVE-0-2025-23350)

    Vulnerability from nvd – Published: 2026-07-01 14:36 – Updated: 2026-07-01 16:03
    VLAI
    Summary
    NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:03:24.450922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:03:30.696Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(46)",
                "BlueField-3(46)"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(35)"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(39)",
                "BlueField-3(39)"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(43)",
                "BlueField-3(43)"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5*",
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
                }
              ],
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:36:19.755Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23350"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23350"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23350",
        "datePublished": "2026-07-01T14:36:19.755Z",
        "dateReserved": "2025-01-14T01:07:21.737Z",
        "dateUpdated": "2026-07-01T16:03:30.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24228 (GCVE-0-2026-24228)

    Vulnerability from nvd – Published: 2026-06-16 16:09 – Updated: 2026-06-17 03:55
    VLAI
    Summary
    NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA NeMo Framework Affected: Versions 0.0 to 2.7.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T03:55:56.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "NeMo Framework",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 2.7.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, information disclosure, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T16:09:39.524Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24228"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24228"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5839"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24228",
        "datePublished": "2026-06-16T16:09:12.282Z",
        "dateReserved": "2026-01-21T19:09:36.965Z",
        "dateUpdated": "2026-06-17T03:55:56.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24155 (GCVE-0-2026-24155)

    Vulnerability from nvd – Published: 2026-06-16 16:08 – Updated: 2026-06-17 03:55
    VLAI
    Summary
    NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA NeMo Framework Affected: Versions 0.0 to 2.7.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24155",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T03:55:57.755Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "NeMo Framework",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 2.7.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."
                }
              ],
              "value": "NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, information disclosure, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T16:08:40.609Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24155"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24155"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5839"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24155",
        "datePublished": "2026-06-16T16:08:40.609Z",
        "dateReserved": "2026-01-21T19:09:29.851Z",
        "dateUpdated": "2026-06-17T03:55:57.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24181 (GCVE-0-2026-24181)

    Vulnerability from nvd – Published: 2026-06-09 16:11 – Updated: 2026-06-09 23:45
    VLAI
    Summary
    NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA DALI Affected: 0.0 - 2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24181",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:25:44.888173Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:39:15.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "DALI",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 - 2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
                }
              ],
              "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, data tampering, denial of service, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T23:45:57.096Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24181"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24181"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24181",
        "datePublished": "2026-06-09T16:11:00.347Z",
        "dateReserved": "2026-01-21T19:09:32.731Z",
        "dateUpdated": "2026-06-09T23:45:57.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24180 (GCVE-0-2026-24180)

    Vulnerability from nvd – Published: 2026-06-09 16:11 – Updated: 2026-06-09 23:39
    VLAI
    Summary
    NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA DALI Affected: 0.0 - 2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24180",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:26:24.398468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:39:10.212Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "DALI",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 - 2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
                }
              ],
              "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, data tampering, denial of service, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T23:39:14.072Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24180"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24180"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24180",
        "datePublished": "2026-06-09T16:11:40.309Z",
        "dateReserved": "2026-01-21T19:09:31.779Z",
        "dateUpdated": "2026-06-09T23:39:14.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24237 (GCVE-0-2026-24237)

    Vulnerability from nvd – Published: 2026-06-02 16:49 – Updated: 2026-06-02 18:24
    VLAI
    Summary
    NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA NVTabular Affected: 0.0 to 5dd11f4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24237",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T18:15:44.556470Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T18:24:35.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "NVTabular",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 to 5dd11f4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, data tampering, information disclosure, denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T16:49:48.157Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24237"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24237"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5851"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24237",
        "datePublished": "2026-06-02T16:49:48.157Z",
        "dateReserved": "2026-01-21T19:09:37.973Z",
        "dateUpdated": "2026-06-02T18:24:35.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24221 (GCVE-0-2026-24221)

    Vulnerability from nvd – Published: 2026-06-02 16:48 – Updated: 2026-06-02 18:24
    VLAI
    Summary
    NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA NVTabular Affected: 0.0 to 5dd11f4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24221",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T18:16:08.035555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T18:24:41.185Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "NVTabular",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 to 5dd11f4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure."
                }
              ],
              "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Data tampering, information disclosure, denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T16:48:58.868Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24221"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24221"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5851"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24221",
        "datePublished": "2026-06-02T16:48:58.868Z",
        "dateReserved": "2026-01-21T19:09:36.964Z",
        "dateUpdated": "2026-06-02T18:24:41.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24201 (GCVE-0-2026-24201)

    Vulnerability from nvd – Published: 2026-05-26 17:25 – Updated: 2026-05-27 15:47
    VLAI
    Summary
    NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions up to and including the March 2026 release)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 580.126.08(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 535.288.01(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24201",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:31:33.843327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:35:48.997Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Red Hat Enterprise Linux KVM",
                "VMware vSphere(Cloud Gaming)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.02(All versions up to and including the March 2026 release)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.02(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.08(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R535 vGPU 16)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "535.288.01(All versions prior to and including vGPU 16.13)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.94(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "582.16(All versions prior to and including vGPU 19.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure."
                }
              ],
              "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Data tampering, denial of service, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:47:19.731Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24201"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24201"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24201",
        "datePublished": "2026-05-26T17:25:24.217Z",
        "dateReserved": "2026-01-21T19:09:34.870Z",
        "dateUpdated": "2026-05-27T15:47:19.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24200 (GCVE-0-2026-24200)

    Vulnerability from nvd – Published: 2026-05-26 17:24 – Updated: 2026-05-27 15:46
    VLAI
    Summary
    NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions up to and including the March 2026 release)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 580.126.08(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 535.288.01(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24200",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:54.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Red Hat Enterprise Linux KVM",
                "VMware vSphere(Cloud Gaming)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.02(All versions up to and including the March 2026 release)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.08(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "535.288.01(All versions prior to and including vGPU 16.13)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.94(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "582.16(All versions prior to and including vGPU 19.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
                }
              ],
              "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:46:42.305Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24200"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24200"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24200",
        "datePublished": "2026-05-26T17:24:48.456Z",
        "dateReserved": "2026-01-21T19:09:34.080Z",
        "dateUpdated": "2026-05-27T15:46:42.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24198 (GCVE-0-2026-24198)

    Vulnerability from nvd – Published: 2026-05-26 17:17 – Updated: 2026-05-27 15:44
    VLAI
    Summary
    NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA GeForce Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24198",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:27:58.663079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:37:53.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA GPU Display Driver for Linux  contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA GPU Display Driver for Linux  contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:44:45.771Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24198"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24198"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24198",
        "datePublished": "2026-05-26T17:17:54.052Z",
        "dateReserved": "2026-01-21T19:09:34.079Z",
        "dateUpdated": "2026-05-27T15:44:45.771Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24197 (GCVE-0-2026-24197)

    Vulnerability from nvd – Published: 2026-05-26 17:19 – Updated: 2026-05-27 15:44
    VLAI
    Summary
    NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Initialization of a Resource with an Insecure Default
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA GeForce Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 580.126.08(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24197",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:53:48.535083Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:54:00.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.02(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.08(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.94(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "582.16(All versions prior to and including vGPU 19.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Initialization of a Resource with an Insecure Default",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:44:16.401Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24197"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24197"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24197",
        "datePublished": "2026-05-26T17:19:40.408Z",
        "dateReserved": "2026-01-21T19:09:34.079Z",
        "dateUpdated": "2026-05-27T15:44:16.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24196 (GCVE-0-2026-24196)

    Vulnerability from nvd – Published: 2026-05-26 17:20 – Updated: 2026-05-27 15:43
    VLAI
    Summary
    NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA GeForce Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 580.126.09(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 535.288.01(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions up to and including the March 2026 release)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24196",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:28:12.222207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:37:24.065Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595 vGPU 20)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580 vGPU 19)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.09(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535 vGPU 16)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "535.288.01(All versions prior to and including vGPU 16.13)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(Cloud Gaming)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions up to and including the March 2026 release)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure."
                }
              ],
              "value": "NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:43:31.436Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24196"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24196"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24196",
        "datePublished": "2026-05-26T17:20:25.479Z",
        "dateReserved": "2026-01-21T19:09:34.079Z",
        "dateUpdated": "2026-05-27T15:43:31.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24195 (GCVE-0-2026-24195)

    Vulnerability from nvd – Published: 2026-05-26 17:15 – Updated: 2026-05-26 18:38
    VLAI
    Summary
    NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Guest driver Affected: 595.58.03(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 580.126.09(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions up to and including the March 2026 release)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24195",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:27:42.793026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:38:21.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595 vGPU 20)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580 vGPU 19)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.09(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(Cloud Gaming)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions up to and including the March 2026 release)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T17:15:30.817Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24195"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24195"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24195",
        "datePublished": "2026-05-26T17:15:30.817Z",
        "dateReserved": "2026-01-21T19:09:34.079Z",
        "dateUpdated": "2026-05-26T18:38:21.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24194 (GCVE-0-2026-24194)

    Vulnerability from nvd – Published: 2026-05-26 17:24 – Updated: 2026-05-27 15:41
    VLAI
    Summary
    NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Improper Preservation of Permissions
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA GeForce Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 580.126.09(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 535.288.01(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions up to and including the March 2026 release)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24194",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:56:05.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595 vGPU 20)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580 vGPU 19)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.09(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535 vGPU 16)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "535.288.01(All versions prior to and including vGPU 16.13)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(Cloud Gaming)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions up to and including the March 2026 release)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
                }
              ],
              "value": "NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281 Improper Preservation of Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:41:55.643Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24194"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24194"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24194",
        "datePublished": "2026-05-26T17:24:13.664Z",
        "dateReserved": "2026-01-21T19:09:34.079Z",
        "dateUpdated": "2026-05-27T15:41:55.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }