Severity by source
AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of service of the storage service to the host.
AnalysisAI
NVIDIA SNAP-4 Container contains a buffer size calculation vulnerability in its configuration interface that allows an authenticated attacker on the same virtualized environment to trigger a denial of service condition. An attacker with local VM access and low-level privileges can send specially crafted configuration payloads that cause incorrect buffer size calculations, resulting in crashes of the SNAP storage service and loss of storage availability to the host. There is currently no evidence of active exploitation or public proof-of-concept code, and the SSVC framework indicates no known exploitation has occurred, though the vulnerability is automatable in principle.
Technical ContextAI
The vulnerability exists in NVIDIA SNAP-4 Container (identified via CPE cpe:2.3:a:nvidia:snap-4_container:*:*:*:*:*:*:*:*), a storage networking appliance container product. The root cause is classified as CWE-131 (Incorrect Calculation of Buffer Size), which represents improper validation or computation of buffer boundaries during configuration parsing. When the configuration interface processes attacker-supplied parameters, it miscalculates the required memory allocation, leading to buffer overflow or underflow conditions that destabilize the SNAP service process. The vulnerability requires local network-level access (AV:A in CVSS) from within the hypervisor environment, making it a VM-to-host attack vector rather than a remote network exploitation.
RemediationAI
Apply the security patch released by NVIDIA for SNAP-4 Container to the version specified in the official advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5744. Until patching can be completed, implement network segmentation to restrict configuration interface access to only trusted administrative hosts, disable VM-to-management-network routing if not required for production, and deploy host-based monitoring to detect abnormal SNAP service restarts or crashes that may indicate exploitation attempts. Test the patch thoroughly in a non-production environment before production deployment, as the vulnerability affects core storage availability.
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3
Same weakness CWE-131 – Incorrect Calculation of Buffer Size
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208966
GHSA-j44v-7j32-mr9x