Impact
NVIDIA Megatron Bridge for Linux contains a flaw in which it deserializes untrusted data. Exploiting this weakness can result in arbitrary code execution, privilege escalation, data tampering, and the disclosure of sensitive information. The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data).
Affected Systems
The affected product is NVIDIA Megatron Bridge for Linux. No specific version information is provided in the current advisories.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity. No EPSS score is available, but the flaw remains a serious vector for attackers who can supply malicious serialized input. The issue is not listed in the CISA KEV catalog, but the potential for remote code execution means it should be treated as high risk. Attackers likely need to send crafted data to the Bridge, either locally or over a network if the Bridge is exposed. Once the flaw is exploited, the impact is system-wide, with full code execution and privilege gain.