15 matches found
CVE-2026-24218
CVE-2026-24218 affects NVIDIA DGX OS. The vulnerability arises during factory provisioning: cloning a base image deploys identical SSH host keys across multiple systems, enabling host impersonation or attacker-in-the-middle attacks. Consequences listed include potential code execution, data tampe...
CVE-2025-33187
CVE-2025-33187 affects NVIDIA DGX Spark GB10, with a vulnerability in the SROOT component that could allow an attacker with local, low-privilege access to reach SoC protected areas. Exploitation could lead to code execution, information disclosure, data tampering, denial of service, or privilege ...
CVE-2025-33192
CVE-2025-33192 affects NVIDIA DGX Spark GB10 via a vulnerability in the SROOT firmware that could allow an attacker with local access to perform an arbitrary memory read, potentially causing a denial of service. The impact is described as local, with availability as the primary concern; no exploi...
CVE-2025-33189
The CVE-2025-33189 entry concerns NVIDIA DGX Spark GB10 with a vulnerability in the SROOT firmware. The root cause is an out-of-bounds write in SROOT, which could allow an attacker to trigger code execution, data tampering, denial of service, information disclosure, or privilege escalation. Affec...
CVE-2025-33190
CVE-2025-33190 affects NVIDIA DGX Spark GB10 via an out-of-bounds write in the SROOT firmware. The vulnerability could enable code execution, data tampering, denial of service, or privilege escalation, as described across multiple sources. Public exploit details are not provided in the connected ...
CVE-2025-33193
The CVE-2025-33193 issue affects NVIDIA DGX Spark GB10 via SROOT firmware. Affected component: SROOT firmware in DGX Spark GB10. Vulnerability: improper validation of integrity in the firmware, enabling information disclosure under local access conditions (attack vector: local). Impact: confident...
CVE-2025-33194
The CVE-2025-33194 entry affects NVIDIA DGX Spark GB10, specifically the SROOT firmware. The vulnerability stems from improper processing of input data in SROOT, with documented consequences including information disclosure and denial of service. There is no exploitation status provided in the so...
CVE-2025-33199
CVE-2025-33199 affects NVIDIA DGX Spark GB10 with a vulnerability in the SROOT firmware that could lead to incorrect control flow and data tampering. Affected component: SROOT firmware on DGX Spark GB10. Root cause: firmware-level control-flow issue (details not fully disclosed in the provided do...
CVE-2025-33188
CVE-2025-33188 affects NVIDIA DGX Spark GB10. The issue is described as a vulnerability in hardware resources allowing an attacker to tamper with hardware controls. Impact includes information disclosure, data tampering, and denial of service. Exploitation appears local (attacker needs local acce...
CVE-2025-33195
Summary (CVE-2025-33195) : NVIDIA DGX Spark GB10 contains a vulnerability in the SROOT firmware that can trigger unexpected memory buffer operations. The issue could allow data tampering, denial of service, or privilege escalation as described in multiple sources (NVD/Red Hat/CVE records). There ...
CVE-2025-33196
The CVE-2025-33196 entry concerns NVIDIA DGX Spark GB10, where a vulnerability in the SROOT firmware could cause a resource to be reused, potentially leading to information disclosure. Connected sources (e.g., Red Hat CVE entry and other feeds) corroborate the SROOT firmware issue but do not prov...
CVE-2025-33198
CVE-2025-33198 affects NVIDIA DGX Spark GB10 via a vulnerability in the SROOT firmware that could allow information disclosure due to a resource reuse issue. The Red Hat/NVD entries corroborate this description and note the impact as potential information disclosure with a low base score (3.3/10)...
CVE-2025-33191
CVE-2025-33191 affects NVIDIA DGX Spark GB10 OSROOT firmware. The vulnerability is an invalid memory read in OSROOT firmware, with potential denial of service. Public data describes it as a local attack vector (AV:L) with low attack complexity (AC:L) and no user interaction required (UI:N); privi...
CVE-2025-33197
CVE-2025-33197 affects NVIDIA DGX Spark GB10 via a NULL pointer dereference in the SROOT firmware, with potential denial of service. The Red Hat and NVD/NVIDIA entries describe the same vulnerability scoped to DGX Spark GB10 devices; no exploitation details are provided in the documents. Affected...
CVE-2025-33200
CVE-2025-33200 affects NVIDIA DGX Spark GB10 via the SROOT firmware. The vulnerability stems from a resource reuse issue in SROOT, which could allow an attacker to cause a resource to be reused and potentially disclose information. The available documents describe the affected product (DGX Spark ...