Impact
NVIDIA Megatron Bridge for Linux contains a flaw where untrusted data can be deserialized, allowing an attacker to execute arbitrary code. An attacker who successfully exploits this vulnerability could elevate privileges, tamper with data, or disclose sensitive information, as indicated by the description and the associated CWE-502.
Affected Systems
Affected systems are NVIDIA Megatron Bridge running on Linux. No specific version details are listed in the provided data.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity impact. While no EPSS score is available, the lack of a KEV listing does not preclude exploitation. Based on the vulnerability description, the likely attack vector is over the network that provides data to the bridge’s deserialization routines. An attacker capable of sending crafted input could trigger arbitrary code execution without user interaction. The exploit would give control of the bridge or the host system, depending on privilege escalation success.
OpenCVE Enrichment