Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
AnalysisAI
Null pointer dereference in NVIDIA TensorRT-LLM across all supported platforms allows a local attacker to crash the application and cause denial of service. The flaw stems from an unchecked return value that is subsequently dereferenced, triggering a fault when the returned pointer is null. With a CVSS score of 5.5 and no public exploit or CISA KEV listing identified at time of analysis, real-world risk is moderate and constrained by the local attack vector and mandatory user interaction.
Technical ContextAI
NVIDIA TensorRT-LLM is a high-performance inference library for large language models built on top of NVIDIA's TensorRT engine. The vulnerability is classified as CWE-690 (Unchecked Return Value to NULL Pointer Dereference), a code-quality defect in which a function's return value - which may be NULL on failure - is used without a validity check, causing a dereference of an invalid memory address. The CPE string cpe:2.3:a:nvidia:tensorrt-llm:*:*:*:*:*:*:*:* covers all versions and all platforms, indicating the defect exists in shared library or application code rather than being isolated to a single platform build. The scope is confined (S:U), meaning exploitation does not allow the attacker to cross privilege or process boundaries.
RemediationAI
Consult the NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5805 for official patch guidance. A specific fixed version number was not present in the available data, so the patch status is 'patch available per vendor advisory' and the exact remediation version should be confirmed directly from that source before upgrading. As a compensating control, restrict access to environments running TensorRT-LLM so that only trusted users and trusted model artifacts are permitted - since exploitation requires local user interaction, preventing untrusted inputs from reaching the TRT-LLM inference pipeline reduces exposure. Sandboxing or containerizing TRT-LLM inference processes limits the blast radius of a crash to the isolated environment, preserving availability of the broader system.
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31058
GHSA-2wmg-q3rm-p93r