Skip to main content

Nvidia CVE-2025-33216

| EUVDEUVD-2025-208966 MEDIUM
Incorrect Calculation of Buffer Size (CWE-131)
2026-03-24 nvidia GHSA-j44v-7j32-mr9x
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 24, 2026 - 20:31 euvd
EUVD-2025-208966
Analysis Generated
Mar 24, 2026 - 20:31 vuln.today
CVE Published
Mar 24, 2026 - 20:21 nvd
MEDIUM 6.8

DescriptionCVE.org

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of service of the storage service to the host.

AnalysisAI

NVIDIA SNAP-4 Container contains a buffer size calculation vulnerability in its configuration interface that allows an authenticated attacker on the same virtualized environment to trigger a denial of service condition. An attacker with local VM access and low-level privileges can send specially crafted configuration payloads that cause incorrect buffer size calculations, resulting in crashes of the SNAP storage service and loss of storage availability to the host. There is currently no evidence of active exploitation or public proof-of-concept code, and the SSVC framework indicates no known exploitation has occurred, though the vulnerability is automatable in principle.

Technical ContextAI

The vulnerability exists in NVIDIA SNAP-4 Container (identified via CPE cpe:2.3:a:nvidia:snap-4_container:*:*:*:*:*:*:*:*), a storage networking appliance container product. The root cause is classified as CWE-131 (Incorrect Calculation of Buffer Size), which represents improper validation or computation of buffer boundaries during configuration parsing. When the configuration interface processes attacker-supplied parameters, it miscalculates the required memory allocation, leading to buffer overflow or underflow conditions that destabilize the SNAP service process. The vulnerability requires local network-level access (AV:A in CVSS) from within the hypervisor environment, making it a VM-to-host attack vector rather than a remote network exploitation.

RemediationAI

Apply the security patch released by NVIDIA for SNAP-4 Container to the version specified in the official advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5744. Until patching can be completed, implement network segmentation to restrict configuration interface access to only trusted administrative hosts, disable VM-to-management-network routing if not required for production, and deploy host-based monitoring to detect abnormal SNAP service restarts or crashes that may indicate exploitation attempts. Test the patch thoroughly in a non-production environment before production deployment, as the vulnerability affects core storage availability.

More in Nvidia

View all
CVE-2016-1741 CRITICAL POC
9.8 Mar 24

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c

CVE-2013-0109 HIGH POC
7.2 Apr 08

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not

CVE-2019-5684 CRITICAL POC
10.0 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2026-24207 CRITICAL POC
9.8 May 20

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct

CVE-2019-5685 CRITICAL POC
9.8 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2025-23359 HIGH POC
8.3 Feb 12

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co

CVE-2016-8812 HIGH POC
8.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G

CVE-2016-1861 HIGH POC
7.8 Jun 19

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi

CVE-2024-0132 HIGH POC
8.3 Sep 26

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de

CVE-2016-1846 HIGH POC
7.8 May 20

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a

CVE-2015-7865 HIGH POC
7.7 Nov 24

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before

CVE-2016-8811 HIGH POC
7.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3

Share

CVE-2025-33216 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy