Impact
The NVIDIA Megatron Bridge for Linux contains a flaw that allows an attacker to misuse the code generation component, resulting in uncontrolled execution of arbitrary code. This vulnerability can lead to privilege escalation, data tampering, and information disclosure. The weakness is identified as CWE‑94 – Improper Control of Generation of Code.
Affected Systems
The affected product is NVIDIA Megatron Bridge for Linux. No specific version range is provided; all installations of this product may be impacted until a patched release is obtained.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, but the EPSS score is not available, and the flaw is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector requires an attacker to supply malicious input to the code generation functionality, which may be achievable through local or privileged access to the Bridge service. Successful exploitation could grant the attacker full code execution privileges on the affected system.
OpenCVE Enrichment