Nemo Framework
Monthly
Local code execution in NVIDIA NeMo Framework on Linux allows an authenticated low-privileged attacker to abuse unsafe deserialization of untrusted data (CWE-502) to run arbitrary code, escalate privileges, tamper with data, or disclose information. The CVSS 7.8 (AV:L/PR:L) profile and the typical ML-training use case mean exploitation requires existing access to the host running NeMo. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Code injection in NVIDIA NeMo Framework across all supported platforms allows a local attacker with low privileges to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The flaw carries a CVSS 3.1 score of 7.8 with high impact across confidentiality, integrity, and availability, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Local code execution in NVIDIA NeMo Framework on Linux allows an authenticated low-privileged attacker to abuse unsafe deserialization of untrusted data (CWE-502) to run arbitrary code, escalate privileges, tamper with data, or disclose information. The CVSS 7.8 (AV:L/PR:L) profile and the typical ML-training use case mean exploitation requires existing access to the host running NeMo. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Code injection in NVIDIA NeMo Framework across all supported platforms allows a local attacker with low privileges to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The flaw carries a CVSS 3.1 score of 7.8 with high impact across confidentiality, integrity, and availability, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.